To: <[email protected]>
Sent: Tuesday, June 21, 2005 12:19 PM
Subject: a little SSL help?
my RH9 server just blew up, hard drive failure, so I installed FC3.
I am in the middle of setting up httpd, trying to get our ssl cert installed and working, but having some problems.
If I issue a self signed cert, it works fine, but when I put in the valid signed cert, httpd fails startup.
Here is what's in the logs:
[[email protected] httpd]# cat error_log
[Tue Jun 21 12:13:36 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[[email protected] httpd]# cat secure.ssl_error_log
[Tue Jun 21 12:13:36 2005] [error] Init: Private key not found
[Tue Jun 21 12:13:36 2005] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Tue Jun 21 12:13:36 2005] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Jun 21 12:13:36 2005] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Tue Jun 21 12:13:36 2005] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
I'm searching for this on google now, I need this up, my boss isn't happy. If anyone knows what I should do, please let me know!
Thanks, Jake McHenry
Nittany Travel MIS Coordinator http://www.nittanytravel.com (570) 748-6611 x108
-- fedora-list mailing list [email protected] To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
I just got off phone with ssl company, told them what happend, they said to just send them a new csr. I did, got new crt back. Moved all files into same directory /etc/httpd/conf/ssl:
[[email protected] ssl]# ls -laF total 48 drwxr-xr-x 2 root root 4096 Jun 21 14:13 ./ drwxr-xr-x 8 root root 4096 Jun 21 13:49 ../ -rw------- 1 root root 1851 Jun 21 13:38 ca-bundle.crt -rw-r--r-- 1 root root 1903 Jun 21 14:13 server.crt -rw------- 1 root root 798 Jun 21 13:48 server.csr -rw------- 1 root root 887 Jun 21 13:48 server.key
I changed the ssl.conf file to point to these:
SSLCertificateFile "/etc/httpd/conf/ssl/server.crt" SSLCertificateKeyFile "/etc/httpd/conf/ssl/server.key" SSLCACertificateFile "/etc/httpd/conf/ssl/ca-bundle.crt"
I have tried different permissions on the files, currently set to above, still having problem.
When I try to start httpd, it shows this on screen:
[[email protected] ssl]# service httpd start
Starting httpd: Syntax error on line 35 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/httpd/conf/ssl/server.crt' does not exist or is empty
And for some reason there is nothing being put into the log files about this??????????????????????