can not reset SSL Private Key & Certificate for Virtual Host

netjess

Active Member
#4
/etc/ssl/private/server.key

I have a new install running on Ubuntu 10.10.
I accepted defaults during install.

When I try to set up my first SSL listener it sees the cert file but on the key file it returns "*file /etc/ssl/private/server.key does not exist. Please create manually".

In the server log it has the error:
0#_AdminVHost] [STDERR] PHP Warning: is_file() [<a href='function.is-file'>function.is-file</a>]: Stat failed for /etc/ssl/private/server.key (errno=13 - Permission denied) in /usr/local/lsws/admin/html.4.1.2/classes/ConfValidation.php on line 627

I have not been able to figure out what/who access is getting denied.
I compared the permissions on the file with those on another server we have running, and they look the same. I even added the lsadm user to the root group (not sure that is a good idea).

sudo ls -l /etc/ssl/private/server.key
-rwxrwxr-- 1 root root 963 2011-07-28 16:49 /etc/ssl/private/server.key

Any thoughts?
 

netjess

Active Member
#5
Well, I did a "chown -R lsadm:lsadm /etc/ssl/private" and that let me apply the key.

But now I am getting:
"[SSL] Config SSL Context with Certificate File: /etc/ssl/certs/server.crt and Key File:/etc/ssl/private/server.key get SSL error: error:0906406D:PEM routines:PEM_def_callback: problems getting password"

and

"[config:server:listener:SSL] failed to start SSL listener on address 192.168.1.238:443!"
 

mistwang

LiteSpeed Staff
#6
You can make /etc/ssl/private/ world readable temporarily, then, after saving the configuration, lock down the permissions.
This issue will be addressed in the next release, 4.1.3.
 

mistwang

LiteSpeed Staff
#7
Well, I did a "chown -R lsadm:lsadm /etc/ssl/private" and that let me apply the key.

But now I am getting:
"[SSL] Config SSL Context with Certificate File: /etc/ssl/certs/server.crt and Key File:/etc/ssl/private/server.key get SSL error: error:0906406D:PEM routines:PEM_def_callback: problems getting password"

and

"[config:server:listener:SSL] failed to start SSL listener on address 192.168.1.238:443!"

You have to remove the passcode of the private key.
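
Added example, not part of the thread and not LiteSpeed code: a shell audit for the two errors above. A stat() failure with errno=13 means some directory on the path denies search permission to the caller, whatever the file's own mode, and "problems getting password" means the PEM key is passphrase-protected. The function names and the permission policy in `key_mode_ok` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a TLS private key's path, mode and PEM header.

# Print mode, owner:group and name of every path component, root first
# (similar to `namei -l`). stat() on the key needs x on each directory.
path_modes() {
    p=$1
    out=
    while :; do
        line=$(ls -ld -- "$p" 2>/dev/null | awk -v p="$p" '{print $1, $3":"$4, p}')
        out="${line:-?????????? ?:? $p}
$out"
        case $p in /|.) break ;; esac
        p=$(dirname -- "$p")
    done
    printf '%s' "$out"
}

# Return 0 if the key has no "other" bits and is not group-writable.
# Assumed policy: 0600 and 0640 pass, the thread's 0774 does not.
key_mode_ok() {
    case $(ls -ld -- "$1" 2>/dev/null | cut -c1-10) in
        ?????-?---) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if the PEM key is passphrase-protected
# (traditional "Proc-Type" header or PKCS#8 encrypted form).
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' -- "$1"
}

# Run all checks and print findings for one key file.
audit_key() {
    path_modes "$1"
    key_mode_ok "$1" || echo "WARN: $1 is group-writable or open to other users"
    if key_is_encrypted "$1"; then
        echo "WARN: $1 is passphrase-protected; a server that cannot prompt will fail to load it"
    fi
}

# Audit the path given on the command line, if any.
if [ -n "${1:-}" ]; then
    audit_key "$1"
fi
```

Run it as the account that needs the key (for example via `sudo -u lsadm`) and re-run it after any temporary loosening of /etc/ssl/private to confirm the directory and key are locked down again.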
 