I use self-signed certificates with no issue but today I have tried to create a SSL certificate for commercial use. But apache doesn't start and gives the following error:
Notice: I have confirmed that crt file is valid as CSR decoder loads the content as well.
AH02241: Init: Unable to read server certificate from file XXXX/XXXX/XXXX.csr
SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=X509)
AH02312: Fatal error initialising mod_ssl, exiting.
Softwares: OpenSSL 1.0.1e 11 Feb 2013 , Apache HTTP 2.4.6
Answer
Looks like you are using CSR instead of the certificate file. Make sure you have created self-signed certificate with openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
and use the server.crt in the SSLCertificateFile setting in apache ssl config.
If you are using a commercial signing authority you must use the certificate provided by the authority and not the signing request generated.
No comments:
Post a Comment