Starting webserver: Error loading RSA private key (FFFFED00)
blarg
8 March 2013, 18:19
Hiawatha version: Hiawatha v8.7, cache, IPv6, Monitor, reverse proxy, SSL, Tomahawk, URL toolkit, XSLT
Operating System: Ubuntu 12.04.2 LTS
Hi I'm trying to get SSL working on hiawatha using a cacert signed certificate. I concatenated the 3 pem files needed using:
cat key.key cert.crt root.crt > /etc/hiawatha/serverkey.pem
and configured hiawatha as follows:
Binding {
Port = 443
MaxKeepAlive = 30
TimeForRequest = 3,20
SSLcertFile = /etc/hiawatha/serverkey.pem
}
I'm not sure why I'm getting this error. The same certificate works fine with apache. Any help is greatly appreciated.
Hugo Leisink
9 March 2013, 09:10
Is your private key password protected? If so, remove the password.
blarg
11 March 2013, 10:27
thank you hugo that did the trick.
is there a way to tell hiawatha the password perhaps in some config file, or maybe handle it like apache, prompting for the passphrase when the server is started?
for anyone else with the same problem all you need to do is decrypt your key using:
openssl rsa -in key.key -out newkey.key
you will be prompted for the passphrase
also make sure the permissions are right you don't want it to be readable by anything other than root:
chown root:root newkey.key
chmod 400 newkey.key
ditto for serverkey.pem when generated.
Hugo Leisink
13 March 2013, 14:49
I think limiting access to the SSL key files should be enough. The password in a config file doesn't improve security, because you then need to limit access to that file as well. And entering a password upon start... what if you have a server with 10 SSL key files. You want to enter 10 passwords every time you start the webserver?
This topic has been closed.