To: <fedora-list@xxxxxxxxxx>
Sent: Tuesday, June 21, 2005 12:19 PM
Subject: a little SSL help?
Hi everyone,
my RH9 server just blew up, hard drive failure, so I installed FC3.
I am in the middle of setting up httpd, trying to get our ssl cert installed and working, but having some problems.
If I issue a self-signed cert, it works fine, but when I put in the valid signed cert, httpd fails on startup.
Here is what's in the logs:
[root@ntlh httpd]# cat error_log
[Tue Jun 21 12:13:36 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[root@ntlh httpd]# cat secure.ssl_error_log
[Tue Jun 21 12:13:36 2005] [error] Init: Private key not found
[Tue Jun 21 12:13:36 2005] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Tue Jun 21 12:13:36 2005] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Jun 21 12:13:36 2005] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Tue Jun 21 12:13:36 2005] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
I'm searching for this on Google now. I need this up, my boss isn't happy. If anyone knows what I should do, please let me know!
Thanks, Jake McHenry
Nittany Travel MIS Coordinator http://www.nittanytravel.com (570) 748-6611 x108
I just got off the phone with the SSL company and told them what happened; they said to just send them a new CSR. I did, and got a new crt back. Moved all files into the same directory, /etc/httpd/conf/ssl:
[root@ntlh ssl]# ls -laF
total 48
drwxr-xr-x 2 root root 4096 Jun 21 14:13 ./
drwxr-xr-x 8 root root 4096 Jun 21 13:49 ../
-rw------- 1 root root 1851 Jun 21 13:38 ca-bundle.crt
-rw-r--r-- 1 root root 1903 Jun 21 14:13 server.crt
-rw------- 1 root root 798 Jun 21 13:48 server.csr
-rw------- 1 root root 887 Jun 21 13:48 server.key
I changed the ssl.conf file to point to these:
SSLCertificateFile "/etc/httpd/conf/ssl/server.crt"
SSLCertificateKeyFile "/etc/httpd/conf/ssl/server.key"
SSLCACertificateFile "/etc/httpd/conf/ssl/ca-bundle.crt"
I have tried different permissions on the files, currently set to above, still having problem.
When I try to start httpd, it shows this on screen:
[root@ntlh ssl]# service httpd start
Starting httpd: Syntax error on line 35 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/httpd/conf/ssl/server.crt' does not exist or is empty
[FAILED]
And for some reason there is nothing being put into the log files about this??????????????????????
Thanks, Jake
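
A pre-flight check for the files named by the three ssl.conf directives in the message above, as an added example that is not part of the original posts: it reports a file that does not exist or is empty, a PEM block whose label does not fit the directive, and a body that does not decode to DER starting with an ASN.1 SEQUENCE tag. The function names, the label mapping and the sample file contents are assumptions constructed for illustration.

```python
import base64, re, tempfile
from pathlib import Path
# Assumed mapping: directive -> PEM labels acceptable in the file it points to.
EXPECTED = {
    "SSLCertificateFile": {"CERTIFICATE"},
    "SSLCertificateKeyFile": {"RSA PRIVATE KEY", "EC PRIVATE KEY", "PRIVATE KEY"},
    "SSLCACertificateFile": {"CERTIFICATE"},
}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def check_pem(directive, path):
    """Return a list of problems with the file a directive names (empty list = sane)."""
    if not Path(path).is_file() or Path(path).stat().st_size == 0:
        return ["does not exist or is empty"]
    blocks = PEM_RE.findall(Path(path).read_text(errors="replace"))
    if not blocks:
        return ["no PEM BEGIN/END block found"]
    problems = []
    for label, body in blocks:
        if label not in EXPECTED[directive]:
            problems.append("contains '%s', not valid for %s" % (label, directive))
            continue
        if "Proc-Type:" in body:  # passphrase-protected legacy key: body is ciphertext
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            der = b""
        if not der or der[0] != 0x30:  # certificates and keys are DER SEQUENCEs
            problems.append("'%s' body is not base64 DER starting with an ASN.1 SEQUENCE" % label)
    return problems

def demo():
    """Constructed samples: an empty cert, a CSR saved as the key, a sane CA bundle."""
    body = base64.b64encode(b"\x30\x03\x02\x01\x00").decode()  # minimal DER SEQUENCE
    pem = lambda label: "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)
    files = {
        "SSLCertificateFile": ("server.crt", ""),
        "SSLCertificateKeyFile": ("server.key", pem("CERTIFICATE REQUEST")),
        "SSLCACertificateFile": ("ca-bundle.crt", pem("CERTIFICATE")),
    }
    results, tmp = {}, tempfile.mkdtemp()
    for directive, (name, content) in files.items():
        path = Path(tmp, name)
        path.write_text(content)
        results[directive] = check_pem(directive, path)
    return results

if __name__ == "__main__":
    print(demo())
```

The check only inspects PEM framing and the leading DER tag; it does not verify that the certificate and the private key belong to the same key pair.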