Ooops, my bad.


~$ sudo openssl rsa -in /etc/ssl/private/owncloud.key -check

RSA key ok



So the key file itself is not the problem...



Am Mo, 29. Sep 2014, um 22:15, schrieb Benjamin Oppermann:

So should I revoke the changes to permissions I made, or remove
permissions for my user, leaving only root?



~$ openssl rsa -in /etc/ssl/private/owncloud.key -check

Error opening Private Key /etc/ssl/private/owncloud.key

139748944725664:error:0200100D:system library:fopen:Permission
denied:bss_file.c:398:fopen('/etc/ssl/private/owncloud.key','r'
)

139748944725664:error:20074002:BIO routines:FILE_CTRL:system
lib:bss_file.c:400:

unable to load Private Key



I take it this means the key file is broken?





Am Mo, 29. Sep 2014, um 21:57, schrieb Daniel:

a private key should never be accesible to groups or others,
just root as read only.

Having said this... have you checked the key file is correct?

try this:
openssl rsa -in /etc/ssl/private/owncloud.key -check


2014-09-29 21:22 GMT+02:00 Benjamin Oppermann
<[1]ben....@eml.cc>:

Ok, I tried this. The permissions are now:



~$ sudo ls -l /etc/ssl/private/owncloud.key

-rw-r--r-- 1 root ben 1704 Sep 28 04:01
/etc/ssl/private/owncloud.key



I still get the same error.

Regards Ben





Am Mo, 29. Sep 2014, um 14:12, schrieb Bremser, Kurt (AMOS
Austria

GmbH):

> The first thing that I'd try is
> sudo chmod go+r /etc/ssl/private/owncloud.key
>
> Kurt Bremser
> AMOS Austria
>
> Newton was wrong. There is no gravity. The Earth sucks.
> ________________________________________
> Von: Benjamin Oppermann [ben....@eml.cc]
> Gesendet: Montag, 29. September 2014 13:31
> An: [2]users@httpd.apache.org
> Betreff: **SPAM?** [users@httpd] "corrupted content" error,
httpd can't
> access SSL key file [wd-vc]
>
> Hi,
> I can't reach my website, I get a "corrupted content" error
message in
> the browser.
> Looking into apache (version 2.4.7 on Ubuntu 14.04), I get
>
> ~$ apachectl -S
>     AH00526: Syntax error on line 22 of
>     /etc/apache2/sites-enabled/000-default.conf:
>     SSLCertificateKeyFile: file
'/etc/ssl/private/owncloud.key' does not
>     exist or is empty
>     Action '-S' failed.
>
> However, I double checked that the file is in the appropriate
location
> and does contain the key, so maybe apache has no permission.
afaik, it
> doesn't run as root all the time - or only for a short time?
> permissions for the key file are as follows:
>
> ~$ sudo ls -l /etc/ssl/private/owncloud.key
>     -rw------- 1 root ben 1704 Sep 28 04:01
>     /etc/ssl/private/owncloud.key
>
> , where ben is my normal user.
> It was suggested to me on the httpd IRC channel that maybe
apparmor was
> doing something wrong, but I don't know how to investigate
that.
> I did have a working configuration and made no changes to it
before this
> happened. The only change I made was to put a router between
the second
> gateway and the server and resolved the domain name to its
local IP
> inside the network (the page isn't reachable from inside
either).
> Just so you know, this is the first time I am setting up a
server, and I
> am all self-taught.
> Reading suggestions for a good start are appreciated, but of
course a
> how-to or specific section of a manual would be more helpful
than a
> generic exhortation to rtfm :-)
> Any hints?
> Thanks, Ben
>
>
---------------------------------------------------------------
------
> To unsubscribe, e-mail: [3]users-unsubscr...@httpd.apache.org
> For additional commands, e-mail:
[4]users-h...@httpd.apache.org

>
---------------------------------------------------------------
------
> To unsubscribe, e-mail: [5]users-unsubscr...@httpd.apache.org
> For additional commands, e-mail:
[6]users-h...@httpd.apache.org
>

---------------------------------------------------------------
------
To unsubscribe, e-mail: [7]users-unsubscr...@httpd.apache.org
For additional commands, e-mail: [8]users-h...@httpd.apache.org

References

1. mailto:ben....@eml.cc
2. mailto:users@httpd.apache.org
3. mailto:users-unsubscr...@httpd.apache.org
4. mailto:users-h...@httpd.apache.org
5. mailto:users-unsubscr...@httpd.apache.org
6. mailto:users-h...@httpd.apache.org
7. mailto:users-unsubscr...@httpd.apache.org
8. mailto:users-h...@httpd.apache.org

Reply via email to