a little SSL help?

Jake McHenry linux at nittanytravel.com
Tue Jun 21 18:33:57 UTC 2005


----- Original Message ----- 
From: "Jake McHenry" <linux at nittanytravel.com>
To: <fedora-list at redhat.com>
Sent: Tuesday, June 21, 2005 12:19 PM
Subject: a little SSL help?


> Hi everyone,
>
> my RH9 server just blew up, hard drive failure, so I installed FC3.
>
> I am in the middle of setting up httpd, trying to get our ssl cert 
> installed and working, but having some problems.
>
> If I issue a self signed cert, it works fine, but when I put in the valid 
> signed cert, httpd fails startup.
>
> Here is what's in the logs:
>
>
>
>
> [root at ntlh httpd]# cat error_log
> [Tue Jun 21 12:13:36 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>
> [root at ntlh httpd]# cat secure.ssl_error_log
> [Tue Jun 21 12:13:36 2005] [error] Init: Private key not found
> [Tue Jun 21 12:13:36 2005] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
> [Tue Jun 21 12:13:36 2005] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
> [Tue Jun 21 12:13:36 2005] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
> [Tue Jun 21 12:13:36 2005] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
>
>
>
>
> I'm searching for this on google now, I need this up, my boss isn't happy. 
> If anyone knows what I should do, please let me know!
>
>
>
>
> Thanks,
> Jake McHenry
>
> Nittany Travel MIS Coordinator
> http://www.nittanytravel.com
> (570) 748-6611 x108
>
>
>



I just got off the phone with the ssl company, told them what happened, they said to 
just send them a new csr. I did, got new crt back. Moved all files into same 
directory /etc/httpd/conf/ssl:

[root at ntlh ssl]# ls -laF
total 48
drwxr-xr-x  2 root root 4096 Jun 21 14:13 ./
drwxr-xr-x  8 root root 4096 Jun 21 13:49 ../
-rw-------  1 root root 1851 Jun 21 13:38 ca-bundle.crt
-rw-r--r--  1 root root 1903 Jun 21 14:13 server.crt
-rw-------  1 root root  798 Jun 21 13:48 server.csr
-rw-------  1 root root  887 Jun 21 13:48 server.key



I changed the ssl.conf file to point to these:


SSLCertificateFile "/etc/httpd/conf/ssl/server.crt"
SSLCertificateKeyFile "/etc/httpd/conf/ssl/server.key"
SSLCACertificateFile "/etc/httpd/conf/ssl/ca-bundle.crt"


I have tried different permissions on the files, currently set to above, 
still having problem.

When I try to start httpd, it shows this on screen:

[root at ntlh ssl]# service httpd start
Starting httpd: Syntax error on line 35 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/httpd/conf/ssl/server.crt' does not exist or is empty
                                                           [FAILED]



And for some reason there is nothing being put into the log files about 
this??????????????????????


Thanks,
Jake
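
The two symptoms in this thread (the private-key decode errors in the first message, then a certificate file reported as missing or empty) can be narrowed down by checking the files directly with OpenSSL. The following is an added example, not part of the original post; the function names `pubkey_pem` and `check_tls_files` are hypothetical, and it assumes an OpenSSL recent enough to provide the `pkey` subcommand.

```bash
# Added example. Usage, with the paths from the ssl.conf above:
#   check_tls_files /etc/httpd/conf/ssl/server.crt \
#                   /etc/httpd/conf/ssl/server.key /etc/httpd/conf/ssl/server.csr

# Print the PEM public key carried by a certificate, private key or CSR.
# Exit status is non-zero when OpenSSL cannot parse the file.
pubkey_pem() {  # $1 = cert|key|csr, $2 = file
    case "$1" in
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        # "-passin pass:" stops OpenSSL prompting; an encrypted key then fails here.
        key)  openssl pkey -in "$2" -pubout -passin pass: ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
    esac 2>/dev/null
}

# Return codes: 0 ok, 2 missing/empty file, 3 bad cert, 4 bad key,
#               5 cert/key mismatch, 6 CSR/key mismatch.
check_tls_files() {
    local cert key csr f cert_pub key_pub
    cert=$1; key=$2; csr=${3:-}
    for f in "$cert" "$key" ${csr:+"$csr"}; do
        # -s is false for a missing file and for a zero-length one.
        [ -s "$f" ] || { echo "FAIL $f: missing or empty"; return 2; }
    done
    cert_pub=$(pubkey_pem cert "$cert") ||
        { echo "FAIL $cert: not a parseable PEM certificate"; return 3; }
    key_pub=$(pubkey_pem key "$key") ||
        { echo "FAIL $key: not a parseable unencrypted private key"; return 4; }
    # A certificate only works with the key whose public half it contains.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL $cert was not issued for $key"; return 5; }
    if [ -n "$csr" ]; then
        [ "$(pubkey_pem csr "$csr")" = "$key_pub" ] ||
            { echo "FAIL $csr was not generated from $key"; return 6; }
    fi
    echo "OK certificate, key and CSR are readable and share one public key"
}
```

These checks run in the caller's own context. Where SELinux is enforcing, httpd's confined domain can still be denied access to files that pass them, so compare the `ls -Z` labels as well.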



