An error occurs when trying to start the httpd service of a vApp server. The uploaded "key and cer" certificates worked on all the vApp servers except one.
Trying to start the httpd service:
# systemctl status httpd.service
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/httpd.service.d
└─vapp_env.conf
Active: failed (Result: exit-code) since Fri 2022-06-17 16:30:59 EST; 4 days ago
Docs: man:httpd.service(8)
Process: 2651976 ExecReload=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Process: 2651875 ExecReload=/usr/CA/.VAPP_install/apache/apache_start_pre.sh (code=exited, status=0/SUCCESS)
Main PID: 2651976 (code=exited, status=1/FAILURE)
Status: "Reading configuration.."
............Failed to start The Apache HTTP Server
- The file ssl_vappAdminUI_error_log reports a problem with the key:
[Fri Jun 17 09:21:22.822951 2022] [ssl:error] [pid 2482311:tid 140511840225600] AH02579: Init: Private key not found
[Fri Jun 17 09:21:22.823031 2022] [ssl:error] [pid 2482311:tid 140511840225600] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
[Fri Jun 17 09:21:22.823062 2022] [ssl:error] [pid 2482311:tid 140511840225600] SSL Library Error: error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error
[Fri Jun 17 09:21:22.823084 2022] [ssl:error] [pid 2482311:tid 140511840225600] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
[Fri Jun 17 09:21:22.823108 2022] [ssl:error] [pid 2482311:tid 140511840225600] SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=RSAPrivateKey)
[Fri Jun 17 09:21:22.823131 2022] [ssl:error] [pid 2482311:tid 140511840225600] SSL Library Error: error:04093004:rsa routines:old_rsa_priv_decode:RSA lib
[Fri Jun 17 09:21:22.823151 2022] [ssl:error] [pid 2482311:tid 140511840225600] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
[Fri Jun 17 09:21:22.823173 2022] [ssl:error] [pid 2482311:tid 140511840225600] SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Fri Jun 17 09:21:22.823204 2022] [ssl:emerg] [pid 2482311:tid 140511840225600] AH02564: Failed to configure encrypted (?) private key CA_IMAG_VAPP:443:0, check /etc/pki/tls/private/localhost.key
Release : 14.4
Component : httpd service
The localhost.key private key file was altered.
Troubleshooting:
a) Check the localhost.key file permissions:
ls -l /etc/pki/tls/private/localhost.key
lrwxrwxrwx 1 root root 69 Nov 19 2021 /etc/pki/tls/private/localhost.key -> /opt/CA/VirtualAppliance/custom/apache-ssl-certificates/localhost.key
** The above output is the expected one.
b) Check that the private key is valid:
openssl rsa -in /etc/pki/tls/private/localhost.key -check
For example, a failing check returns:
unable to load Private key
1223344556677889:error:0909006C:PEM routines:get_name_no start line:crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY
** This indicates the key file is wrong.
A good output should look like:
RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
....
-----END RSA PRIVATE KEY-----
c) Check the certificate:
openssl x509 -in /etc/pki/tls/certs/localhost.crt -text -noout
It should show:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
etc...
How to resolve the issue:
1. Copy the key file (/etc/pki/tls/private/localhost.key) from a working vApp server.
2. Copy it into the problematic server (same folder) and restart the httpd service.
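Before restarting httpd after step 2, the copied key can be checked against the installed certificate in one pass, combining checks b) and c). The script below is an added example, not part of the original article or the vApp product; the function name, its return codes and the throwaway demo files are assumptions made for the example, and it uses openssl pkey so that non-RSA keys are handled as well.

```bash
#!/usr/bin/env bash
# Added example: pre-restart sanity check for an httpd key/certificate pair.
# Return codes (chosen for this example): 0 ok, 1 key unreadable,
# 2 certificate unreadable, 3 key and certificate do not match.
check_key_cert_pair() {
    local key="$1" cert="$2" key_pub cert_pub

    # -passin pass: stops openssl from prompting if the key is encrypted;
    # an encrypted or damaged key then simply fails to load.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2

    # Both commands emit the public key in the same PEM form, so a
    # string comparison tells whether the key belongs to the certificate.
    [ "$key_pub" = "$cert_pub" ] || return 3
    return 0
}

# Demo on constructed, throwaway files (not the appliance's real key).
demo() {
    local d rc k
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed.example" \
        -keyout "$d/good.key" -out "$d/test.crt" 2>/dev/null
    # Simulate a damaged key file: drop the PEM start line.
    sed '1d' "$d/good.key" > "$d/bad.key"

    for k in good.key bad.key; do
        rc=0
        check_key_cert_pair "$d/$k" "$d/test.crt" || rc=$?
        echo "$k -> rc=$rc"
    done
    rm -rf "$d"
}
demo
```

On the appliance the arguments would be /etc/pki/tls/private/localhost.key and /etc/pki/tls/certs/localhost.crt; restart httpd only when the function returns 0.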