From: Beastie
To: Daniel Bye
Cc: freebsd-questions@freebsd.org
Subject: Re: apache mod_ssl chroot problem
Date: Thu, 18 Oct 2007 10:33:44 +0700

On Wed, 2007-10-17 at 13:38 +0100, Daniel Bye wrote:
> On Wed, Oct 17, 2007 at 08:46:01PM +0700, Muhammad Reza wrote:
> > Dear List.
> >
> > I have a problem running apache in chroot mode with ssl enabled.
> > Apache in chroot mode runs fine without ssl enabled, but when I try to
> > start with mod_ssl enabled, an error occurred with this message.
> >
> > beastie#chroot /chroot/httpd /usr/local/apache2/bin/httpd
> > Apache/2.2.6 mod_ssl/2.2.6 (Pass Phrase Dialog)
> > Some of your private key files are encrypted for security reasons.
> > In order to read them you have to provide the pass phrases.
> >
> > Server beastie.mra.co.id:443 (RSA)
> > Enter pass phrase:Apache:mod_ssl:Error: Private key not found.
> > **Stopped
> >
> > and with error log
> >
> > [Wed Oct 17 13:37:25 2007] [error] Init: Private key not found
> > [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218710120
> > error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
> > [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218529960
> > error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
> > [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218595386
> > error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
> > [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218734605
> > error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
> > [Wed Oct 17 13:38:32 2007] [error] Init: Private key not found
> > [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218710120
> > error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
> > [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218529960
> > error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
> > [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218595386b
> > error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
> > [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218734605
> > error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
> >
> > If I escape from the chrooted environment, apache with mod_ssl works fine
> >
> > beastie# /usr/local/apache2/bin/httpd
> > Apache/2.2.6 mod_ssl/2.2.6 (Pass Phrase Dialog)
> > Some of your private key files are encrypted for security reasons.
> > In order to read them you have to provide the pass phrases.
> >
> > Server www.example.com:443 (RSA)
> > Enter pass phrase:
> >
> > OK: Pass Phrase Dialog successful.
> >
> > Is there something missing here? Please enlighten me.
>
> The first thing that comes to mind - are your keys inside the chroot area
> you want to run apache in?
>

The key is in /chroot/httpd/usr/local/apache2/conf/ with mode 400, owned by
root, and the path in httpd-ssl.conf is

SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"

Is there any way to test that my key is visible to the chrooted program?

regards
Reza
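
One way to answer the closing question from outside the jail, as an added example that is not part of the original message: it resolves the configured SSLCertificateKeyFile path against the chroot root, re-rooting absolute symlinks as the chrooted process would, and reports whether the key is missing, unreadable, not PEM, encrypted or plain. The function names are hypothetical, and the location of the config file is an assumption passed in as an argument.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the thread).

# Print the path(s) named by SSLCertificateKeyFile in an Apache config file.
# Matches the directive spelling used in the post; commented-out lines are skipped.
key_paths_from_conf() {
    sed -n 's/^[[:space:]]*SSLCertificateKeyFile[[:space:]]\{1,\}"\{0,1\}\([^"[:space:]]*\)"\{0,1\}.*$/\1/p' "$1"
}

# Map a path as seen inside the chroot to the host path. A symlink in the
# final component is followed the way the chrooted process would follow it:
# an absolute target is re-rooted under the chroot, not taken from the host.
resolve_in_chroot() {
    root=${1%/} path=$2 hops=0
    while [ -L "$root$path" ] && [ "$hops" -lt 16 ]; do
        target=$(readlink "$root$path")
        case $target in
            /*) path=$target ;;
            *)  path=$(dirname "$path")/$target ;;
        esac
        hops=$((hops + 1))
    done
    printf '%s\n' "$root$path"
}

# Classify the key file: missing, unreadable, not-pem, encrypted or plain.
# "encrypted" covers both the traditional "Proc-Type: 4,ENCRYPTED" header
# and the PKCS#8 "BEGIN ENCRYPTED PRIVATE KEY" form.
check_key_in_chroot() {
    host_path=$(resolve_in_chroot "$1" "$2")
    [ -f "$host_path" ] || { echo missing; return 1; }
    [ -r "$host_path" ] || { echo unreadable; return 1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$host_path" || { echo not-pem; return 1; }
    if grep -q -e 'ENCRYPTED' "$host_path"; then echo encrypted; else echo plain; fi
}
```

With the paths from the message this would be called as `check_key_in_chroot /chroot/httpd /usr/local/apache2/conf/server.key`, run as the user that starts httpd, since a mode 400 root-owned key is readable only by root.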