a little SSL help?

Alexander Dalloz ad+lists at uni-x.org
Tue Jun 21 16:52:40 UTC 2005 

Am Di, den 21.06.2005 schrieb Jake McHenry um 18:19:

> my RH9 server just blew up, hard drive failure, so I installed FC3.
> 
> I am in the middle of setting up httpd, trying to get our ssl cert installed 
> and working, but having some problems.
> 
> If I issue a self signed cert, it works fine, but when I put in the valid 
> signed cert, httpd fails startup.
> 
> Here is what's in the logs:

> [root at ntlh httpd]# cat secure.ssl_error_log
> [Tue Jun 21 12:13:36 2005] [error] Init: Private key not found

As Leonard already said: the private key part is missing.

> [Tue Jun 21 12:13:36 2005] [error] SSL Library Error: 218710120 
> error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
> [Tue Jun 21 12:13:36 2005] [error] SSL Library Error: 218529960 
> error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
> [Tue Jun 21 12:13:36 2005] [error] SSL Library Error: 218595386 
> error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
> [Tue Jun 21 12:13:36 2005] [error] SSL Library Error: 218734605 
> error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib

> I'm searching for this on google now, I need this up, my boss isn't happy. 
> If anyone knows what I should do, please let me know!

> Jake McHenry

The default locations according /etc/httpd/conf.d/ssl.conf are for the

a) public cert: /etc/httpd/conf/ssl.crt/
b) private key: /etc/httpd/conf/ssl.key/

It does not matter how you call the files, at least as the names match
the settings in the ssl.conf; i.e.

SSLCertificateFile /etc/httpd/conf/ssl.crt/apache.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/apache.key

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.27_FC2smp 
Serendipity 18:49:09 up 3:03, 16 users, 0.00, 0.04, 0.07 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050621/e4129991/attachment-0001.sig>

More information about the fedora-list mailing list