Error when trying to start Apache after installing SSL cert
Posted
by
chris
on Server Fault
See other posts from Server Fault
or by chris
Published on 2012-11-01T15:20:26Z
Indexed on
2012/11/01
17:04 UTC
Read the original article
Hit count: 1435
I am trying to install an SSL certificate, and I get the following errors:
AH02241: Init: Unable to read server certificate from file /path/my.crt
SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=X509)
AH02312: Fatal error initialising mod_ssl, exiting.
Here's the process I followed:
I generated my private key with:
openssl genrsa -out my.key 2048
I created the CSR with:
openssl req -new -key my.key -out my.csr
I provided the CSR to our IT department, and they returned a crt - it starts with
-----BEGIN CERTIFICATE-----
My ssl.conf has (my.example.com matches the Common name used during the generation of the CSR):
<VirtualHost my.example.com:443>
SSLEngine On
ServerName my.example.com
SSLCertificateFile /path/my.crt
SSLCertificateKeyFile /path/my.key
</VirtualHost>
I do not have SSLCertificateChainFile or SSLCACertificate file set.
The private key starts with
----BEGIN RSA PRIVATE KEY-----
The csr starts with
-----BEGIN CERTIFICATE REQUEST-----
I have verified that both:
openssl rsa -noout -modulus -in my.key
openssl req -noout -modulus -in my.csr
produce the same output. I cannot figure out how to verify the crt - trying both x509 and rsa produce an error.
Should this process have worked? Can I verify that my.crt matches the key somehow?
© Server Fault or respective owner