Re: ssl on apache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, May 7, 2009 at 11:23 AM, Melanie Pfefer
<melanie_pfefer@xxxxxxxxxxx> wrote:
>
> Hi.
>
> I am getting this error after I received the certificate from the root CA:
>
> [error] Init: Unable to read server certificate from file /usr/local/apache/conf/ssl/server.crt
> [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
> [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
> [error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
>
>
> Is it a problem with the certificate or something I should change in httpd.conf?
>
> openssl x509 -noout -text -in /usr/local/apache/conf/ssl/server.crt
> unable to load certificate
> 25764:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE
>
> What went wrong and any idea what to fix?


It might be that there is a problem with the format of the certificate.

Try both:
openssl x509  -text  -inform DER -in /usr/local/apache/conf/ssl/server.crt
and
openssl x509  -text  -inform PEM -in /usr/local/apache/conf/ssl/server.crt

If the first works, but the second doesn't you received your
certificate in DER format. (Openssl expects PEM unless you tell it
otherwise)

You can convert it using:
openssl x509 -inform DER -outform PEM -in <infile> -out  <outfile>


Krist

-- 
krist.vanbesien@xxxxxxxxx
krist@xxxxxxxxxxxxx
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux