Hello everyone. After a long time, I’m back with you.
I have a problem. When I try to import an SSL Certificate, I get this error:
Validation failed: RSA or EC private key (PEM encoding)
I took the private key from a server that I want to replace with a Nethserver. It could have a passphrase. The CRS is emitted from a trusted authority (bought online).
Can someone of you help me to understand better what could be the problem?
If that’s the case, it must be removed. You can do that by running openssl rsa -in [file1.key] -out [file2.key], where file1.key is the file containing the existing private key, and file2.key is where you want the unencrypted key to go.
But really, in 99.9% of situations, getting a cert from Let’s Encrypt is going to be the better answer.
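Added example (not part of the original posts, and not NethServer's own validation code): a shell function that tells from the PEM armor lines whether a private key file is passphrase-protected, the condition the reply above suspects. The function names, file names and key bodies are constructed placeholders.

```shell
#!/bin/sh
# Classify a PEM private key by its armor lines; no passphrase is needed.
classify_key() {
    f=$1
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        echo encrypted-pkcs8            # PKCS#8, passphrase-protected
    elif grep -Eq -e '^-----BEGIN (RSA|EC) PRIVATE KEY-----' "$f"; then
        # Traditional format: encryption is flagged by a Proc-Type header.
        if grep -q -e '^Proc-Type: 4,ENCRYPTED' "$f"; then
            echo encrypted-traditional
        else
            echo plain-traditional
        fi
    elif grep -q -e '^-----BEGIN PRIVATE KEY-----' "$f"; then
        echo plain-pkcs8
    else
        echo not-a-key                  # e.g. a certificate or CSR
    fi
}

# Constructed sample files: real armor lines, placeholder bodies (not keys).
write_samples() {
    dir=$1
    body='UExBQ0VIT0xERVI='            # base64 of "PLACEHOLDER"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF' '' \
        "$body" '-----END RSA PRIVATE KEY-----' > "$dir/enc_trad.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' "$body" \
        '-----END RSA PRIVATE KEY-----' > "$dir/plain_rsa.key"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$body" \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$dir/enc_p8.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "$body" \
        '-----END CERTIFICATE-----' > "$dir/cert_by_mistake.key"
}

# Demo: classify each constructed sample.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for k in "$demo_dir"/*.key; do
    printf '%s: %s\n' "${k##*/}" "$(classify_key "$k")"
done
rm -rf "$demo_dir"
```

A result of encrypted-traditional or encrypted-pkcs8 means the key needs its passphrase removed before import, as described in the reply above.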
In the meantime, I’ve found a workaround installing the certificate via command line following these steps:
Via the command line, I had the opportunity to insert the passphrase of the key to install the certificate correctly.
It works for httpd service.
When I run
$ signal-event nethserver-httpd-update
The system asks me to use systemd-tty-ask-password-agent to input the passphrase, and the service starts correctly.
The same thing doesn’t happen for the httpd-admin service.
I get this error:
[root@www ~]# systemctl status httpd-admin
● httpd-admin.service - Server Manager UI httpd instance
Loaded: loaded (/usr/lib/systemd/system/httpd-admin.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since mer 2020-02-12 22:11:17 CET; 9h ago
Docs: https://github.com/NethServer/nethserver-httpd-admin
Main PID: 52939 (code=exited, status=1/FAILURE)
feb 12 22:11:17 nethserver systemd[1]: Started Server Manager UI httpd instance.
feb 12 22:11:17 nethserver httpd[52939]: Apache/2.4.6 mod_ssl (Pass Phrase Dialog)
feb 12 22:11:17 nethserver httpd[52939]: Some of your private key files are encrypted for security reasons.
feb 12 22:11:17 nethserver httpd[52939]: In order to read them you have to provide the pass phrases.
feb 12 22:11:17 nethserver httpd[52939]: Server www.domain.it:443 (RSA)
feb 12 22:11:17 nethserver httpd[52939]: Enter pass phrase:Apache:mod_ssl:Error: Private key not found.
feb 12 22:11:17 nethserver httpd[52939]: **Stopped
feb 12 22:11:17 nethserver systemd[1]: httpd-admin.service: main process exited, code=exited, status=1/FAILURE
feb 12 22:11:17 nethserver systemd[1]: Unit httpd-admin.service entered failed state.
feb 12 22:11:17 nethserver systemd[1]: httpd-admin.service failed.
Now, this is the situation:
Reverse proxy works correctly with the owned certificate (hurray)
Standard Server Manager on port 980 is down (restart fails)
Cockpit Server Manager on port 9090 works, but I don’t know why
I could remove the passphrase from the key without any problem (thank you @danb35).
But first, I would like to configure the passphrase correctly in the system as a case study.