
Unable to read pass phrase [Hint: key introduced or changed before restart?]

SFOS 18.0.3 MR-3

Good morning,

I've restored an old XG backup for testing and did some comparisons with my current config. I finished and reverted back to the current running config. Since the revert I cannot get logged into my webserver that I'm protecting via a WAF rule.

Here is the error: [Mon Dec 21 08:48:15.592139 2020] [ssl:error] [pid 11359:tid 140120166025024] AH02578: Init: Unable to read pass phrase [Hint: key introduced or changed before restart?]

Does this have to do with the Master Key being implemented between versions?



  • FormerMember

    Hi,

    Thank you for reaching out to the Community! 

    What was the firmware version when you took the configuration backup? 

    Could you please replicate the issue and provide the reverseproxy logs with more log lines around this error?

    Thanks,

  • Harsh,

    The version of software is 18.0.3 as I stated in my first email.  The errors are as follows:

    [Mon Dec 21 09:52:58.670268 2020] [ssl:error] [pid 14587:tid 140527586129728] AH02578: Init: Unable to read pass phrase [Hint: key introduced or changed before restart?]
    [Mon Dec 21 09:52:58.670340 2020] [ssl:error] [pid 14587:tid 140527586129728] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Mon Dec 21 09:52:58.670363 2020] [ssl:error] [pid 14587:tid 140527586129728] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
    [Mon Dec 21 09:52:58.670380 2020] [ssl:error] [pid 14587:tid 140527586129728] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Mon Dec 21 09:52:58.670427 2020] [ssl:error] [pid 14587:tid 140527586129728] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
    [Mon Dec 21 09:52:58.670445 2020] [ssl:error] [pid 14587:tid 140527586129728] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
    [Mon Dec 21 09:52:58.670462 2020] [ssl:error] [pid 14587:tid 140527586129728] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Mon Dec 21 09:52:58.670516 2020] [ssl:error] [pid 14587:tid 140527586129728] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
    [Mon Dec 21 09:52:58.670531 2020] [ssl:emerg] [pid 14587:tid 140527586129728] AH02312: Fatal error initialising mod_ssl, exiting.
    [Mon Dec 21 09:52:58.670538 2020] [ssl:emerg] [pid 14587:tid 140527586129728] AH02564: Failed to configure encrypted (?) private key ccboard.co.columbia.wi.us:443:0, check /conf/certificate/private/CCboard.key

  • This ended up being a problem with the .key file mismatch.  I discarded the cert I was using and generated another CSR for signing by a third party.  Uploading it to the XG solved the problem.
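
A check for the three conditions this thread touches on (a passphrase-protected key, a key file OpenSSL cannot decode, and a key that does not belong to the certificate), as an added example that is not part of the original posts or Sophos tooling. It assumes the certificate and key are available as PEM files on a workstation with the OpenSSL command line installed; the function names and verdict strings are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify a certificate / private-key
# pair before uploading it to a reverse proxy or WAF.
# Verdicts: OK, ENCRYPTED, UNPARSEABLE, BAD_CERT, MISMATCH.

# True if the PEM headers mark the key as passphrase-protected
# (PKCS#8 "ENCRYPTED PRIVATE KEY" or legacy "Proc-Type: 4,ENCRYPTED").
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# Print the key's public half as PEM. Fails if the key cannot be loaded
# without a passphrase; "-passin pass:" prevents an interactive prompt.
key_pubkey() {
    openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null
}

# Print the certificate's public key as PEM.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# check_pair CERT KEY: print one verdict, return 0 only for OK.
check_pair() {
    cert=$1
    key=$2
    if key_is_encrypted "$key"; then
        echo ENCRYPTED; return 1
    fi
    kpub=$(key_pubkey "$key") || { echo UNPARSEABLE; return 2; }
    cpub=$(cert_pubkey "$cert") || { echo BAD_CERT; return 3; }
    # Both commands emit the same SubjectPublicKeyInfo PEM when the pair matches.
    if [ "$kpub" != "$cpub" ]; then
        echo MISMATCH; return 4
    fi
    echo OK
}

# Usage: sh check_pair.sh server.crt server.key   (file names are placeholders)
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```
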
