
Starting webserver: Error loading RSA private key (FFFFED00)

blarg
8 March 2013, 18:19
Hiawatha version: Hiawatha v8.7, cache, IPv6, Monitor, reverse proxy, SSL, Tomahawk, URL toolkit, XSLT
Operating System: Ubuntu 12.04.2 LTS

Hi, I'm trying to get SSL working on Hiawatha using a CAcert-signed certificate. I concatenated the 3 PEM files needed using:
cat key.key cert.crt root.crt > /etc/hiawatha/serverkey.pem

and configured hiawatha as follows:

Binding {
    Port = 443
    MaxKeepAlive = 30
    TimeForRequest = 3,20
    SSLcertFile = /etc/hiawatha/serverkey.pem
}

I'm not sure why I'm getting this error. The same certificate works fine with Apache. Any help is greatly appreciated.
Hugo Leisink
9 March 2013, 09:10
Is your private key password protected? If so, remove the password.
blarg
11 March 2013, 10:27
Thank you Hugo, that did the trick.
Is there a way to tell Hiawatha the password, perhaps in some config file, or maybe handle it like Apache, prompting for the passphrase when the server is started?


For anyone else with the same problem, all you need to do is decrypt your key using:
openssl rsa -in key.key -out newkey.key

You will be prompted for the passphrase.

Also make sure the permissions are right; you don't want it to be readable by anything other than root:
chown root:root newkey.key
chmod 400 newkey.key
Ditto for serverkey.pem when generated.
Hugo Leisink
13 March 2013, 14:49
I think limiting access to the SSL key files should be enough. The password in a config file doesn't improve security, because you then need to limit access to that file as well. And entering a password upon start... what if you have a server with 10 SSL key files? You want to enter 10 passwords every time you start the webserver?
This topic has been closed.
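
A pre-flight check for the two points raised in this thread (a passphrase-protected key inside the concatenated bundle, and permissions on the key file), added here as an example; it is not part of the original posts or of Hiawatha. The function names and the sample files are constructed for illustration, and file ownership is not checked.

```shell
#!/bin/sh
# Pre-flight check for a PEM bundle (key + certificates) before a server loads it.

# Return 0 if FILE holds a passphrase-protected private key. Traditional OpenSSL
# PEM carries a "Proc-Type: 4,ENCRYPTED" header; PKCS#8 uses its own label.
key_is_encrypted() {
    grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# Return 0 if FILE has no group/other permission bits (e.g. mode 400 or 600).
key_perms_ok() {
    [ "$(LC_ALL=C ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Print findings; return 0 only if the key is unencrypted and the file locked down.
check_bundle() {
    rc=0
    if ! grep -q 'PRIVATE KEY-----' "$1"; then
        echo "$1: no private key block found"; rc=1
    elif key_is_encrypted "$1"; then
        echo "$1: private key is passphrase-protected"; rc=1
    fi
    if ! key_perms_ok "$1"; then
        echo "$1: accessible by group or other"; rc=1
    fi
    return $rc
}

# Constructed sample files: placeholder bodies, not real key material.
make_samples() {
    dir=$1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-128-CBC,00000000000000000000000000000000' '' \
        'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----' > "$dir/encrypted.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$dir/plain.pem"
    chmod 644 "$dir/encrypted.pem"
    chmod 400 "$dir/plain.pem"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_samples "$tmp"
    check_bundle "$tmp/encrypted.pem" || true
    check_bundle "$tmp/plain.pem" && echo "$tmp/plain.pem: ok"
    rm -rf "$tmp"
}

demo
```
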