Apache – SSLCertificateKeyFile: File Does Not Exist or Is Empty

Tags: apache-2.2, mod-ssl, ssl, ssl-certificate, ubuntu

I am configuring SSL for Apache 2. My system is Ubuntu Server 10.04 LTS. I have the following settings related to SSL in my vhost configuration:

SSLEngine On
SSLCertificateKeyFile /etc/ssl/private/server.insecure.key
SSLCertificateFile    /etc/ssl/certs/portal.selfsigned.crt

(Side note: I am using .insecure for the key file because the file is not passphrase-protected, and I like to clearly see that it is an insecure key file)

So, when I restart apache I get the following message:

Syntax error on line 39 of /etc/apache2/sites-enabled/500-portal-https:
SSLCertificateKeyFile: file '/etc/ssl/private/server.insecure.key' does not exist or is empty
Error in syntax. Not restarting.

But the file is there, and is not empty (actually it contains a private key):

sudo ls -l /etc/ssl/private/server.insecure.key
-rw-r----- 1 root www-data 887 2012-08-07 15:14 /etc/ssl/private/server.insecure.key
sudo ls -ld /etc/ssl/private/
drwx--x--- 2 root www-data 4096 2012-08-07 13:02 /etc/ssl/private/

I have tried changing the ownership, using two groups, www-data and ssl-cert. I am not sure which is the right one in Ubuntu: by default Ubuntu uses ssl-cert, but on the other hand the apache processes run as user www-data: it is started by user root, but changes to www-data at some point, and I am not sure when the certificates are read.

But anyway, changing the group owner has not improved the situation. My questions are:

  1. What else could I try to get this working?
  2. How can I verify that my keyfile is a valid keyfile?
  3. How can I verify that the keyfile and the certificate (/etc/ssl/certs/portal.selfsigned.crt) work together?

I think that Apache is giving a misleading error message, and I would like to pinpoint the error.

Best Answer

I found the error. It was because I am using a script to set up the certificates, and one of the steps I am performing is apache2ctl configtest. The error was coming from this command, and not from the apache restart, which was what was misleading me. Since I was running the apache2ctl command as a normal user, it had no access to the keyfiles, and thus the error message.

Conclusion: make sure all your apache commands are run with sudo, even the ones which are only intended for syntax verification (apache2ctl), since they also need access to the keys.
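The checks the question asks for in items 2 and 3 (is the key file a valid key, and does it belong to the certificate), together with the readability test that explains the accepted answer, as an added shell example; it is not from the original question or answer, and the file paths it takes are placeholders to be replaced with your own:

```shell
#!/bin/sh
# Added example, not from the original post. Verifies an Apache mod_ssl
# key/certificate pair and whether the invoking user can read the key.
# Usage: sudo sh check_ssl_pair.sh <keyfile> <certfile>
# (paths are assumptions; e.g. /etc/ssl/private/server.insecure.key
#  and /etc/ssl/certs/portal.selfsigned.crt as in the question)

# Question 2: does the file parse as an RSA private key?
# (openssl rsa is used rather than openssl pkey because it also exists on
#  the OpenSSL 0.9.8 shipped with Ubuntu 10.04)
key_is_valid() {
    openssl rsa -in "$1" -check -noout >/dev/null 2>&1
}

# Question 3: do key and certificate belong together? Derive the public key
# from each side; an identical public key means the pair is consistent.
key_matches_cert() {
    key_pub=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# The accepted answer's point: apache2ctl configtest runs as whoever invokes
# it, and reports "does not exist or is empty" when that user cannot reach
# the key. This is the same test, made explicit for the current user.
key_is_readable() {
    [ -r "$1" ] && [ -s "$1" ]
}

# Run all three checks; returns 0 only if the pair is usable by this user.
check_ssl_pair() {
    key=$1
    cert=$2
    key_is_readable "$key" || {
        echo "key not readable by $(id -un): $key (run with sudo?)"; return 1; }
    key_is_valid "$key" || {
        echo "key does not parse as an RSA private key: $key"; return 2; }
    key_matches_cert "$key" "$cert" || {
        echo "key $key does not match certificate $cert"; return 3; }
    echo "ok: $key matches $cert and is readable by $(id -un)"
}

if [ "$#" -eq 2 ]; then
    check_ssl_pair "$1" "$2"
fi
```

Running the script without sudo reproduces the accepted answer's situation: the readability check fails first, before any key parsing, because /etc/ssl/private is not traversable by a normal user; running it with sudo exercises the same access that apache2ctl configtest needs.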