Custom TLS encryption

Hi,

I am trying to add my internal custom certificate that has been created internal in my company.

I would like to know if it is mandatory insert the “Chain”.

Afert assign this certificate to the web acess, I lost web access.

image

I just acess via web after reset apache.

Do you know what can be?

image

cat /var/log/httpd/error_log

[Thu Apr 21 22:26:44.326663 2022] [mpm_prefork:notice] [pid 24665] AH00171: Graceful restart requested, doing restart
[Thu Apr 21 22:26:44.412582 2022] [lbmethod_heartbeat:notice] [pid 24665] AH02282: No slotmem from mod_heartmonitor
[Thu Apr 21 22:28:14.506140 2022] [ssl:emerg] [pid 24665] AH02204: Init: Pass phrase incorrect for key of 127.0.0.1:3501
[Thu Apr 21 22:28:14.506221 2022] [ssl:emerg] [pid 24665] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Apr 21 22:28:14.506243 2022] [ssl:emerg] [pid 24665] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Thu Apr 21 22:28:14.506254 2022] [ssl:emerg] [pid 24665] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Apr 21 22:28:14.506267 2022] [ssl:emerg] [pid 24665] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Thu Apr 21 22:28:14.506279 2022] [ssl:emerg] [pid 24665] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Thu Apr 21 22:28:14.506286 2022] [ssl:emerg] [pid 24665] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Apr 21 22:28:14.506293 2022] [ssl:emerg] [pid 24665] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Thu Apr 21 22:28:14.506297 2022] [ssl:emerg] [pid 24665] AH02312: Fatal error initialising mod_ssl, exiting.

I search the error log’s but I can´t see the resolution:

IPA fails to start and logs the message “AH02564: Failed to configure encrypted (?) private key …” - Red Hat Customer Portal

image

Apache httpd is unable to start due to SSL Library Error in RHEL 8 - Red Hat Customer Portal

image

This is tge best solution you provide?

RemoveSSLCertPassPhrase - HTTPD - Apache Software Foundation

Hi,

I am trying to add my internal custom certificate that has been created internal in my company, but after add them to the VitalPBX and apply I lost the web access to the VitalPBX.

This is my version installed:

image

After few secounds via SSH I see that this service failed:

image

To remove AH00558, i follow this article and

Apache Configuration Error AH00558: Could not reliably determine the server’s fully qualified domain name | DigitalOcean

I just acess via web after reset apache.

image

Do you know what can be?

After search in some forum this error, I found the log file:

cat /var/log/httpd/error_log

[Thu Apr 21 22:26:44.326663 2022] [mpm_prefork:notice] [pid 24665] AH00171: Graceful restart requested, doing restart
[Thu Apr 21 22:26:44.412582 2022] [lbmethod_heartbeat:notice] [pid 24665] AH02282: No slotmem from mod_heartmonitor
[Thu Apr 21 22:28:14.506140 2022] [ssl:emerg] [pid 24665] AH02204: Init: Pass phrase incorrect for key of 127.0.0.1:3501
[Thu Apr 21 22:28:14.506221 2022] [ssl:emerg] [pid 24665] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Apr 21 22:28:14.506243 2022] [ssl:emerg] [pid 24665] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Thu Apr 21 22:28:14.506254 2022] [ssl:emerg] [pid 24665] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Apr 21 22:28:14.506267 2022] [ssl:emerg] [pid 24665] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Thu Apr 21 22:28:14.506279 2022] [ssl:emerg] [pid 24665] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Thu Apr 21 22:28:14.506286 2022] [ssl:emerg] [pid 24665] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Apr 21 22:28:14.506293 2022] [ssl:emerg] [pid 24665] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Thu Apr 21 22:28:14.506297 2022] [ssl:emerg] [pid 24665] AH02312: Fatal error initialising mod_ssl, exiting.

I see this two web pages talk about this issue but I can’t see the content because I am not a subscriber user.

IPA fails to start and logs the message “AH02564: Failed to configure encrypted (?) private key …” - Red Hat Customer Portal

image

Apache httpd is unable to start due to SSL Library Error in RHEL 8 - Red Hat Customer Portal

image

I see this workaround, but is not secure remove the password from certificate:

RemoveSSLCertPassPhrase - HTTPD - Apache Software Foundation

Steps that I did:

image

What do you suggest?

Hi @jppedrosa

I have merged both topics. Please don’t create duplicate topics. Thank you

Sorry for my mistake.

I thought that I had open a ticket in the wrong section and than open a ticket in the red section and than I try to remove the other one but I can’t.

Thanks for your attention

Can we use this article like reference to export all tree files from .pfx, that are necessary to add in VitalPBX?

Are there any alerts or reminders that can be configured in VitalPBX to remind you to renew the certificate before it expires?

This is something your CA does.

If you use LE on VitalPBX it renews it automatically.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.