A client of ours just renewed his ssl certificate. When we installed the new cert, apache gave the old:
saero44 ~> tail /usr/local/apache/logs/error_log [Fri Oct 26 14:27:36 2007] [error] ApacheSSLSetCertStuff failed [Fri Oct 26 14:28:11 2007] [crit] unable to set private key [Fri Oct 26 14:28:11 2007] [crit] error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch [Fri Oct 26 14:28:11 2007] [error] ApacheSSLSetCertStuff failed [Fri Oct 26 14:28:23 2007] [crit] unable to set private key [Fri Oct 26 14:28:23 2007] [crit] error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch [Fri Oct 26 14:28:23 2007] [error] ApacheSSLSetCertStuff failed [Fri Oct 26 14:40:20 2007] [crit] unable to set private key [Fri Oct 26 14:40:20 2007] [crit] error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch [Fri Oct 26 14:40:20 2007] [error] ApacheSSLSetCertStuff failed
Here are the ssl directives from httpd.conf
SSLCertificateFile /home/spectrum/ssl/secure.spectrum.aero.crt
SSLCertificateKeyFile /home/spectrum/ssl/secure.spectrum.aero.key
#SSLCertificateChainFile /home/spectrum/ssl/secure.spectrum.aero.ca-bundle
SSLCACertificateFile /home/spectrum/ssl/secure.spectrum.aero.ca-bundle
...and to make sure that the keys match...
saero44 ~> openssl rsa -noout -modulus -in /home/spectrum/ssl/secure.spectrum.aero.key | openssl md5 bc8baf22c8619f29632dee48a4003ece
saero44 ~> openssl x509 -noout -modulus -in /home/spectrum/ssl/secure.spectrum.aero.crt | openssl md5 bc8baf22c8619f29632dee48a4003ece
saero44 ~>
When we point the server back to the old certificates, it starts w/o errors.
I'm stumped. Ideas, anyone?
|