I am using 64-bit Oracle Enterprise Linux and am trying to set up HTTPS for the Apache server. I downloaded the mod_ssl package and tried to change some settings in /etc/httpd/conf.d/ssl.conf because I wanted to use my own SSL certificate instead of the one bundled with mod_ssl. I have changed SSLPassPhraseDialog from 'builtin' to 'exec:/usr/local/bin/getmypasskey', which provides a one-time password for my SSL private key. I have changed 'SSLCertificateFile', 'SSLCertificateKeyFile', and 'SSLCACertificateFile' to point to my own self-signed certificate, private key and root CA certificate. But when I start Apache, it does not run. The log file /var/log/httpd/ssl_error.log has the following entries:
[Wed Feb 05 17:43:37 2014] [error] Init: Pass phrase incorrect
[Wed Feb 05 17:43:37 2014] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Feb 05 17:43:37 2014] [error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Wed Feb 05 17:43:37 2014] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Feb 05 17:43:37 2014] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Wed Feb 05 17:43:37 2014] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Wed Feb 05 17:43:37 2014] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Feb 05 17:43:37 2014] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
The most puzzling thing is that getmypasskey is never executed. I can be sure of this because I wrapped a shell script around the actual program to log an entry when it is called, and the log file does not even get generated. If I manually run the program /usr/local/bin/getmypasskey, it does generate the log file. This proves that Apache does not invoke the program specified in the SSLPassPhraseDialog directive in ssl.conf. I have tried the same setting on Ubuntu 13 and it works as expected. Has anyone experienced this problem?
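A way to exercise an SSLPassPhraseDialog exec helper outside Apache, added here as an example and not part of the original question or of mod_ssl: mod_ssl runs the configured program with two arguments, the virtual host as servername:port and the key type (RSA, DSA or ECC), and reads the pass phrase from the program's standard output. "Pass phrase incorrect" followed by ASN1 "wrong tag" errors is what OpenSSL reports when the pass phrase it ended up using does not decrypt the PEM key into a valid RSA structure, which fits a helper that is never consulted. The script below calls a helper exactly the way mod_ssl does, checks that contract, and, when openssl is installed, confirms the returned pass phrase really unlocks the key. The paths and the throwaway helpers built in demo() are constructed for the example, not taken from the post.

```shell
#!/bin/sh
# Added example, not code from the original post: test an SSLPassPhraseDialog
# "exec:" helper the way mod_ssl invokes it. Paths below are assumptions.

# mod_ssl runs the helper as: PROG servername:port KEYTYPE  (KEYTYPE = RSA/DSA/ECC)
# and takes the pass phrase from the helper's stdout.
run_dialog() {
    prog=$1; vhost=$2; keytype=$3
    "$prog" "$vhost" "$keytype"
}

# check_dialog PROG [VHOST] [KEYTYPE]
# Returns 0 when PROG is executable by the current user, exits 0 and prints
# exactly one non-empty line; anything else is a contract violation.
check_dialog() {
    prog=$1; vhost=${2:-www.example.com:443}; keytype=${3:-RSA}
    if [ ! -x "$prog" ]; then
        echo "FAIL: $prog is not executable by $(id -un)" >&2
        return 1
    fi
    out=$(run_dialog "$prog" "$vhost" "$keytype")
    rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "FAIL: $prog exited with status $rc" >&2
        return 1
    fi
    lines=$(printf '%s\n' "$out" | grep -c . || true)
    if [ "$lines" -ne 1 ]; then
        echo "FAIL: expected one non-empty pass phrase line, got $lines" >&2
        return 1
    fi
    echo "OK: $prog returned a one-line pass phrase for $vhost ($keytype)"
    return 0
}

# check_key_unlocks PROG KEYFILE [VHOST]
# Feeds the helper's output to openssl via stdin (never on the command line,
# where it would be visible in ps) and checks the PEM key decrypts and parses.
check_key_unlocks() {
    prog=$1; keyfile=$2; vhost=${3:-www.example.com:443}
    if ! command -v openssl >/dev/null 2>&1; then
        echo "SKIP: openssl not installed" >&2
        return 2
    fi
    pass=$(run_dialog "$prog" "$vhost" RSA) || return 1
    if printf '%s\n' "$pass" |
       openssl rsa -in "$keyfile" -noout -check -passin stdin >/dev/null 2>&1; then
        echo "OK: pass phrase from $prog decrypts $keyfile"
        return 0
    fi
    echo "FAIL: pass phrase from $prog does not decrypt $keyfile" >&2
    return 1
}

# Demonstration with two constructed helpers in a temporary directory:
# one behaves correctly, the other exits 0 but prints nothing.
demo() {
    tmp=$(mktemp -d)
    good=$tmp/getmypasskey; bad=$tmp/getmypasskey-silent
    printf '#!/bin/sh\necho "constructed-pass-phrase"\n' > "$good"
    printf '#!/bin/sh\nexit 0\n' > "$bad"
    chmod 0700 "$good" "$bad"
    check_dialog "$good" || echo "(unexpected)"
    check_dialog "$bad"  || echo "(expected: a silent helper gives mod_ssl no pass phrase)"
    # With a real key: check_key_unlocks /usr/local/bin/getmypasskey /path/to/server.key
    rm -rf "$tmp"
}

demo
```

Run the checks as the user httpd actually executes as, since a helper that works from a root shell can still be unusable for the server process. On a RHEL-derived system such as Oracle Linux, an SELinux denial of the exec (visible with `ausearch -m AVC -c httpd`) is one thing worth checking that a default Ubuntu install does not have.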