Strange error after upgrading from Apache 2.2.25 to 2.2.27 (and upgrading from FreeBSD9 to FreeBSD10)
ohauer at gmx.de
Thu Jun 26 21:16:27 UTC 2014
On 2014-06-23 10:48, Rainer Duffner wrote:
> Am Mon, 16 Jun 2014 16:03:38 +0200
> schrieb Rainer Duffner <rainer at ultra-secure.de>:
>> I have a system that does the following:
>> SSLProxyEngine on
>> SSLProxyMachineCertificateFile /usr/local/etc/apache/ssl.crt/DocboxTestProxyClientKeyCert.crt
>> SSLProxyCACertificateFile /usr/local/etc/apache/ssl.crt/ProxyTest_RedAndPurpleCA.crt
>> SSLProxyVerify require
>> SSLProxyVerifyDepth 1
>> This configuration worked with FreeBSD9, apache-2.2.25.
>> However, after the upgrade to FreeBSD10 and apache-2.2.27, I get:
> Also, it does work with FreeBSD 9.2p8 and apache-2.2.27.
> So it really seems to be a problem with FreeBSD 10's OpenSSL.
One of the difference between 8/9 and 10 is the OpenSSL version 0.9.8? and 1.0.1?
It seems you are not the only one and it has something to do with the SSL key format (PKCS#8 / PKCS#1)
New OpenSSL is using PKCS#1 which is not supported by mod_ssl but the cert can be converted to PKCS#8
See the Answer from Joe Orton on the RHEL bugtracker
More information about the freebsd-apache