Apache Web Server won't startup after configuring ModSecurity in SSL mode

Document ID : KB000046538
Last Modified Date : 14/02/2018
Show Technical Document Details

Issue:

I have configured ModSecurity in SSL mode and then Apache Web Server (httpd) won't startup. $SPECROOT/apache/logs/error.log shows the following error.

AH02577: Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file C:/win32app/Spectrum/apache/conf/server.key)

Environment:  

Spectrum 10.1 or later on Windows

Cause:

SSLPassPhraseDialog is a directive within $SPECROOT/apache/conf/extra/httpd-ssl.conf that is not supported by Windows.

Resolution/Workaround:

We can remove passphrase set in the private key, i.e. server.key, using the following steps.

1. Backup $SPECROOT/apache/conf/extra/httpd-ssl.conf and modify it by commenting out the SSLPassPhraseDialog directive line in the file, i.e. adding "#" in front of the directive

#SSLPassPhraseDialog  builtin

2. Launch a bash login shell, go to $SPECROOT/apache/conf directory and rename $SPECROOT/apache/conf/server.key to server.key.org

        mv server.key server.key.org

3. Under $SPECROOT/apache/conf directory run openssl command to remove the passphrase

       openssl rsa -in server.key.org -out server.key 

    When you are prompted "Enter pass phrase for server.key.org:" enter the passphrase and then when successful you get "writing RSA key" message. 

        4. Restart Apache Web Server

Additional Information: 

Enable ModSecurity in SSL Mode