#1  
Old 29th October 2009, 21:40
unclecameron unclecameron is offline
Senior Member
 
Join Date: Apr 2006
Posts: 115
Thanks: 2
Thanked 8 Times in 7 Posts
Default apache mod_ssl crashes

apache crashes on a virtual host attempting to read a .csr with
Code:
[error] Init: Unable to read server certificate from file /etc/apache2/ssl/www.mydomain.csr
[error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
this same box has several other static IP ssl's as virtual hosts, where I cp'ed the virtual host directive for use with this domain, used the same commands to create the .csr of:
Code:
openssl genrsa -des3 -out www.mydomain.key 2048
openssl req -new -key www.mydomain.key -out www.mydomain.csr
where my virtual host directive is:
Code:
NameVirtualHost 1.2.3.4:443
 <VirtualHost 1.2.3.4:443>
 SSLEngine on
SSLCertificateFile /etc/apache2/ssl/www.mydomain.com.csr
#SSLCertificateFile /etc/apache2/ssl/www.mydomain.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.mydomain.com.key
...
</VirtualHost>
It seems somehow openssl is giving me a bogus cert, but these are the same steps I took on the last domain with static IP on this box. I double-checked I'm using a .csr not a .crt and the ssl files are in the right directory. Also, apache2ctl configtest doesn't catch the error until I enable the site and it crashes all the sites on the server
Reply With Quote
Sponsored Links
  #2  
Old 30th October 2009, 15:37
Ben Ben is offline
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts
Default

But what shall the apache do with the csr, as this is just a signing request for a certificate. After having created the cert and its key, you do not need the csr anymore.

This will also explain the errormessage you are referring to, as it is a signing request and not a certificate:
Quote:
[error] Init: Unable to read server certificate from file /etc/apache2/ssl/www.mydomain.csr
[error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
Reply With Quote
  #3  
Old 30th October 2009, 16:41
unclecameron unclecameron is offline
Senior Member
 
Join Date: Apr 2006
Posts: 115
Thanks: 2
Thanked 8 Times in 7 Posts
 
Default

the crt issuer needs a FQDN csr before they issue a crt, so I can't get that far, this is just the csr part, the .crt line is commented out for that reason.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache crashes; error message on restart Tipem Server Operation 5 3rd September 2009 16:19
problems with suexec gobokster Installation/Configuration 7 7th May 2009 13:33
CENTOS 5 Ping Problem gAnDo Server Operation 11 28th March 2008 20:58
Centos 4.4 32bit Hangs, High Server load 3cwired_com Server Operation 11 16th November 2006 15:47
Problem with the installation of Dokeos (LMS) in ISPConfig jofranco General 4 28th April 2006 00:45


All times are GMT +2. The time now is 20:12.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.