
I'm trying to update a few existing SSL certificates with an updated expiration on the following system:

```
# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.7 (Santiago)
# uname -a
Linux X 2.6.32-573.3.1.el6.x86_64 #1 SMP Mon Aug 10 09:44:54 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux
# rpm -q Pound openssl
Pound-2.6-2.el6.x86_64
openssl-1.0.1e-42.el6.x86_64
# 
```

I have several Listeners inside Pound (an HTTP/HTTPS reverse proxy and load balancer). Even though both certificates came from GoDaddy, one of the certificates isn't giving me any issues at all, and the other one does.

I'm getting the following error message while issuing `service pound restart`:

```
SSL_CTX_use_PrivateKey_file failed - aborted
```

I'm reading the pound_list archive, but as of yet I have not been able to find a solution that works for me. (My private key is NOT password protected.)

alexus
  • Do the two private key files appear to have the same format? Do they look similar in structure? – David Schwartz Sep 21 '15 at 17:53
  • @DavidSchwartz format looks same. I just talked to GoDaddy and they agreed to redo them, hopefully everything will work this time. – alexus Sep 21 '15 at 19:47
  • GoDaddy generated the private key file?! – David Schwartz Sep 21 '15 at 19:47
  • no no) redo certificates. I used `openssl modulus check` and they weren't matching. – alexus Sep 21 '15 at 19:48
  • I think the private key is OK; it looks like it's mismatched with the certificate, and that's what causes this error. – alexus Sep 21 '15 at 19:50
  • Gotcha. Maybe it's an old private key file? Or maybe it's a new one and the old one was inadvertently used in the request? In any event, a new cert is probably the best way to go, especially if you're not sure what went wrong. – David Schwartz Sep 21 '15 at 19:55
  • I used `openssl modulus check | openssl md5` for the key and CSR, and as soon as I get the certificates from GoDaddy, I will run it against the crt as well; they all should match. – alexus Sep 21 '15 at 20:00
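
The modulus comparison discussed in the comments above, written out as an added example that is not part of the original thread. The function names, file names and the `example.test` CN are assumptions made for illustration; it handles RSA keys only and uses SHA-256 instead of MD5 purely as a comparison digest.

```shell
#!/usr/bin/env bash
# Added example: confirm a private key, CSR and certificate share one RSA
# modulus. Function and file names are illustrative; RSA keys only.

# Print the SHA-256 of the modulus. $1 = key|csr|crt, $2 = PEM file.
modulus_digest() {
    local mod
    case "$1" in
        # -passin pass: makes an encrypted key fail instead of prompting
        key) mod=$(openssl rsa -noout -modulus -passin pass: -in "$2" 2>/dev/null) || return 1 ;;
        csr) mod=$(openssl req -noout -modulus -in "$2" 2>/dev/null) || return 1 ;;
        crt) mod=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1 ;;
        *)   return 2 ;;
    esac
    [ -n "$mod" ] || return 1   # no modulus printed (e.g. non-RSA key)
    printf '%s\n' "$mod" | openssl dgst -sha256 | awk '{print $NF}'
}

# $1 = key, $2 = CSR, $3 = certificate.
# Returns 0 on match, 1 on mismatch, 2 when a file cannot be parsed.
check_triple() {
    local k c x
    k=$(modulus_digest key "$1") || { echo "cannot parse key: $1" >&2; return 2; }
    c=$(modulus_digest csr "$2") || { echo "cannot parse CSR: $2" >&2; return 2; }
    x=$(modulus_digest crt "$3") || { echo "cannot parse cert: $3" >&2; return 2; }
    printf 'key %s\ncsr %s\ncrt %s\n' "$k" "$c" "$x"
    if [ "$k" = "$c" ] && [ "$k" = "$x" ]; then
        echo "OK: key, CSR and certificate match"; return 0
    fi
    echo "MISMATCH: certificate was not issued for this key/CSR" >&2; return 1
}

# Build constructed, throwaway test material in directory $1: a matching
# key/CSR/self-signed cert plus an unrelated key.
make_demo() {
    openssl genrsa -out "$1/good.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/good.key" -subj "/CN=example.test" \
        -out "$1/good.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/good.csr" -signkey "$1/good.key" -days 1 \
        -out "$1/good.crt" 2>/dev/null
}

# Usage: ./check.sh server.key server.csr server.crt
if [ $# -eq 3 ]; then check_triple "$@"; fi
```

Running it before `service pound restart` separates a key/certificate mismatch from a file that cannot be parsed at all, which the single `SSL_CTX_use_PrivateKey_file failed` line does not distinguish.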
