Hi.
I am getting this error after I received the certificate from the root CA:
[error] Init: Unable to read server certificate from file /usr/local/apache/conf/ssl/server.crt
[error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
Is it a problem with the certificate or something I should change in httpd.conf?
openssl x509 -noout -text -in /usr/local/apache/conf/ssl/server.crt
unable to load certificate
25764:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE
What went wrong and any idea what to fix?
thanks
--- On Thu, 7/5/09, Prasanna Ram Venkatachalam <vpram86@xxxxxxxxx> wrote:
> From: Prasanna Ram Venkatachalam <vpram86@xxxxxxxxx>
> Subject: Re: ssl on apache
> To: users@xxxxxxxxxxxxxxxx
> Date: Thursday, 7 May, 2009, 11:28 AM
> Yes Correct!
>
>
> On Thu, May 7, 2009 at 1:50 PM,
> Melanie Pfefer <melanie_pfefer@xxxxxxxxxxx>
> wrote:
>
>
> Hi
>
> Let’s start from 0:
>
> I am following http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html
> to create a real certificate.
>
> openssl genrsa -des3 -out server.key 1024
> openssl req -new -key server.key -out server.csr
>
> now I need to send server.csr to the root CA to sign it. I
> should expect a certificate called server.crt. Correct?
>
>
> Then I use this server.crt and the server.key in apache.
> Correct?
>
> Thank you
>
>
>
> --- On Thu, 7/5/09, Davide Bianchi <davide@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
> wrote:
>
>
> > From: Davide Bianchi <davide@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
> > Subject: Re: ssl on apache
> > To: users@xxxxxxxxxxxxxxxx
>
> > Date: Thursday, 7 May, 2009, 11:10 AM
>
>
>
> > Melanie Pfefer wrote:
> > > Hi,
> > >
> > > I had an official signature from the root CA.
> > >
> > > Now how to generate the server.key and
> server.crt?
> >
>
> > If you have a 'key' that is used to sign the
> certificate,
> > simply use
> > THAT key to sign the certificate instead of using the
> key
> > you generated
> > yourself.
> >
> > Otherwise, please explain what you have.
>
> >
> >
> > --
> > If you want to travel around the world and be invited
> to
> > speak at a lot
> > of different places, just write a Unix operating
> system.
> > -- Linus Torvalds
> >
> >
> ---------------------------------------------------------------------
>
> > The official User-To-User support forum of the Apache
> HTTP
> > Server Project.
> > See <URL:http://httpd.apache.org/userslist.html>
> for more
>
> > info.
> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
>
> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> >
> >
>
>
>
>
> ---------------------------------------------------------------------
>
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html>
> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>
> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
>
>
>
>
> --
> Prasanna Ram
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|