Error when trying to start Apache after installing SSL cert

Posted by chris on Server Fault See other posts from Server Fault or by chris
Published on 2012-11-01T15:20:26Z Indexed on 2012/11/01 17:04 UTC
Read the original article Hit count: 1435

Filed under:
|
|

I am trying to install an SSL certificate, and I get the following errors:

AH02241: Init: Unable to read server certificate from file /path/my.crt
SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=X509)
AH02312: Fatal error initialising mod_ssl, exiting.

Here's the process I followed:

I generated my private key with:

openssl genrsa -out my.key 2048

I created the CSR with:

openssl req -new -key my.key -out my.csr

I provided the CSR to our IT department, and they returned a crt - it starts with

-----BEGIN CERTIFICATE-----

My ssl.conf has (my.example.com matches the Common name used during the generation of the CSR):

 <VirtualHost my.example.com:443>
   SSLEngine On
   ServerName my.example.com 
   SSLCertificateFile /path/my.crt
   SSLCertificateKeyFile /path/my.key
 </VirtualHost> 

I do not have SSLCertificateChainFile or SSLCACertificate file set.

The private key starts with

----BEGIN RSA PRIVATE KEY-----

The csr starts with

-----BEGIN CERTIFICATE REQUEST-----

I have verified that both:

openssl rsa -noout -modulus -in my.key
openssl req -noout -modulus -in my.csr 

produce the same output. I cannot figure out how to verify the crt - trying both x509 and rsa produce an error.

Should this process have worked? Can I verify that my.crt matches the key somehow?

© Server Fault or respective owner

Related posts about apache2

Related posts about ssl