'ssl'에 해당하는 글 2건

# SSL인증서 패스워드 건너뛰기
 cd /usr/local/apache/conf/ssl.key
 /usr/bin/openssl rsa -in server.key -out imsi.key
 mv server.key server.key_bak
 mv imsi.key server.key


신고

WRITTEN BY
김병국
유용했던 자료를 기록해 두었습니다. 도움이 되시길~~~ Welcome! I started this blog as a way to give back to all of the other system administrators who have taught me something in the past. Writing these posts brings me a lot of enjoyment and I hope you fun

받은 트랙백이 없고 , 댓글이 없습니다.
secret
[Fri Aug 19 14:23:16 2011] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Fri Aug 19 14:23:16 2011] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Aug 19 14:23:16 2011] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Fri Aug 19 14:23:16 2011] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib


1. 먼저 서버 설정을 확인함.
특이한 설정이 있었음.

SSLPassPhraseDialog exec:/usr/local/apache/conf/ssl/xxx.sh

내용을 보면 
#/bin/sh
xxxx&&&xxxx

2. 키파일을 패스워드를 제거해기로함.

/usr/bin/openssl rsa -in a.key -out b.key

그런데 아래 에러가 발생.
 
unable to load Private Key
7119:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:325:
7119:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:425:

아래 사이트를 참고해 보면 직접 입력해 보라는 내용이 있음.
 http://www.entrust.net/knowledge-base/technote.cfm?tn=6563

The prompt that appears after you give the apachectl command indicates that it is not waiting for user input of the SSL Passphrase, and the screen looks frozen, however it is waiting for the end user to type in the SSL passphrase.   To resolve this error type in the SSL (PEM) passphrase to your private key and hit ENTER.  Typing the SSL passphrase does not give you ***** characters, please continue to type it.  Hitting ENTER will return you to a prompt. Apache will then start up with SSL successfully.


그래서 SSLPassPhraseDialog 주석하고 실제 패스워드 입력하고 엔터 하니 443 이 Listen 됨.

 
 여기서 그렇다면, 키파일 생성시 &&& 이부분이 문제가 되는것일까?
저작자 표시 비영리 변경 금지
신고

WRITTEN BY
김병국
유용했던 자료를 기록해 두었습니다. 도움이 되시길~~~ Welcome! I started this blog as a way to give back to all of the other system administrators who have taught me something in the past. Writing these posts brings me a lot of enjoyment and I hope you fun

받은 트랙백이 없고 , 댓글이 없습니다.
secret