can not reset SSL Private Key & Certificate for Virtual Host

Discussion in 'Bug Reports' started by andreas, Jul 19, 2011.

  1. andreas

    andreas Well-Known Member

    *value must be set
     
  2. webizen

    webizen Well-Known Member

    You can manually empty the fields in the config XML for the time being. The admin CP will be updated to allow reset in a bit.
     
  3. webizen

    webizen Well-Known Member

    The latest 4.1.2 allows the reset.
     
  4. netjess

    netjess Active Member

    /etc/ssl/private/server.key

    I have a new install running on Ubuntu 10.10.
    I accepted defaults during install.

    When I try to set up my first SSL listener it sees the cert file but on the key file it returns "*file /etc/ssl/private/server.key does not exist. Please create manually".

    In the server log it has the error:
    0#_AdminVHost] [STDERR] PHP Warning: is_file() [<a href='function.is-file'>function.is-file</a>]: Stat failed for /etc/ssl/private/server.key (errno=13 - Permission denied) in /usr/local/lsws/admin/html.4.1.2/classes/ConfValidation.php on line 627

    I have not been able to figure out what/who access is getting denied.
    I compared the file's permissions with those on another server we have running and they look the same. I even added the lsadm user to the root group (not sure that is a good idea).

    sudo ls -l /etc/ssl/private/server.key
    -rwxrwxr-- 1 root root 963 2011-07-28 16:49 /etc/ssl/private/server.key

    Any thoughts?
     
  5. netjess

    netjess Active Member

    Well, I did a "chown -R lsadm:lsadm /etc/ssl/private" and that let me apply the key.

    But now I am getting:
    "[SSL] Config SSL Context with Certificate File: /etc/ssl/certs/server.crt and Key File:/etc/ssl/private/server.key get SSL error: error:0906406D:PEM routines:PEM_def_callback: problems getting password"

    and

    "[config:server:listener:SSL] failed to start SSL listener on address 192.168.1.238:443!"
     
  6. mistwang

    mistwang LiteSpeed Staff

    You can make /etc/ssl/private/ world-readable temporarily, then lock down the permissions after saving the configuration.
    This issue will be addressed in the next release, 4.1.3.
     
  7. mistwang

    mistwang LiteSpeed Staff

    You have to remove the passcode of the private key.
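
Added example, not part of the thread and not LiteSpeed code: a diagnostic for the two failures reported above. A `stat` that fails with errno=13 points at a parent directory without search permission rather than at the key file's own mode, and "problems getting password" points at a passphrase-protected PEM key. The function names, the 0700 directory mode and the stand-in uid are assumptions; the 0774 file mode is taken from the `ls -l` output in post 4.

```python
import os
import tempfile

ENCRYPTED_MARKERS = ("-----BEGIN ENCRYPTED PRIVATE KEY-----",  # PKCS#8
                     "Proc-Type: 4,ENCRYPTED")                  # traditional PEM

def granted(st, uid, gids, want):
    """True if the mode bits in st give `want` (4=r, 1=x) to uid/gids.
    Ignores the root override, ACLs and capabilities."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return ((st.st_mode >> shift) & want) == want

def first_blocker(key_path, uid, gids, base="/"):
    """Return (path, reason) for the first component below `base` that stops
    uid from reading key_path, or None when the mode bits allow it."""
    parts = os.path.relpath(key_path, base).split(os.sep)
    current = base
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        st = os.stat(current)
        if i < len(parts) - 1:
            if not granted(st, uid, gids, 1):   # directories need x (search)
                return current, "directory not searchable"
        elif not granted(st, uid, gids, 4):     # the key itself needs r
            return current, "key file not readable"
    return None

def pem_key_is_encrypted(pem_text):
    """True if the PEM text is a passphrase-protected private key."""
    return any(marker in pem_text for marker in ENCRYPTED_MARKERS)

def demo():
    """Constructed layout: assumed 0700 directory holding a 0774 key file."""
    top = tempfile.mkdtemp()
    private = os.path.join(top, "private")
    os.mkdir(private)
    key = os.path.join(private, "server.key")
    with open(key, "w") as fh:   # constructed header only, no key material
        fh.write("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n")
    os.chmod(key, 0o774)
    os.chmod(private, 0o700)
    other_uid = os.stat(key).st_uid + 1   # stands in for the lsadm account
    with open(key) as fh:
        encrypted = pem_key_is_encrypted(fh.read())
    return first_blocker(key, other_uid, set(), base=top), private, encrypted

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the uid from `pwd.getpwnam("lsadm")` and the groups from `os.getgrouplist`, and run it as a user that can already traverse the path.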
     
  8. netjess

    netjess Active Member
