Saturday, May 23, 2015

Apache cannot read certificate file




I use self-signed certificates with no issue, but today I have tried to create an SSL certificate for commercial use. But Apache doesn't start and gives the following error:



Note: I have confirmed that the crt file is valid, as a CSR decoder loads the content as well.



AH02241: Init: Unable to read server certificate from file XXXX/XXXX/XXXX.csr
SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=X509)
AH02312: Fatal error initialising mod_ssl, exiting.




Software: OpenSSL 1.0.1e 11 Feb 2013, Apache HTTP 2.4.6


Answer



It looks like you are using the CSR instead of the certificate file. Make sure you have created the self-signed certificate with
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
and use the server.crt in the SSLCertificateFile setting in the Apache SSL config.
If you are using a commercial signing authority, you must use the certificate provided by the authority and not the signing request you generated.
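
An added example, not part of the original question or answer: a shell check that classifies a PEM file by its BEGIN label and flags an SSLCertificateFile or SSLCertificateKeyFile directive that points at the wrong kind of file, such as the .csr in the error above. The function names, the placeholder PEM bodies and the temporary ssl.conf are constructed for illustration; only the first PEM block of each file is inspected.

```shell
# pem_kind FILE: print certificate | csr | private-key | unknown,
# judged by the label of the first PEM block in the file.
pem_kind() {
    label=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" 2>/dev/null | head -n 1)
    case "$label" in
        CERTIFICATE) echo certificate ;;
        "CERTIFICATE REQUEST"|"NEW CERTIFICATE REQUEST") echo csr ;;
        "PRIVATE KEY"|"RSA PRIVATE KEY"|"EC PRIVATE KEY"|"ENCRYPTED PRIVATE KEY") echo private-key ;;
        *) echo unknown ;;
    esac
}

# check_ssl_conf CONF: report each certificate/key directive; return 1 if any
# points at the wrong kind of file. Assumes canonical directive casing.
check_ssl_conf() {
    rc=0
    while read -r directive path rest; do
        case "$directive" in
            SSLCertificateFile)    want=certificate ;;
            SSLCertificateKeyFile) want=private-key ;;
            *) continue ;;
        esac
        path=${path#\"}; path=${path%\"}   # strip optional quotes
        got=$(pem_kind "$path")
        if [ "$got" = "$want" ]; then
            echo "OK  $directive $path"
        else
            echo "BAD $directive $path (expected $want, found $got)"
            rc=1
        fi
    done < "$1"
    return "$rc"
}

# Constructed demo: placeholder PEM bodies and a temporary config that repeats
# the mistake from the question (SSLCertificateFile pointing at the CSR).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE REQUEST-----' > "$d/server.csr"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' > "$d/server.key"
    printf 'SSLCertificateFile %s\nSSLCertificateKeyFile %s\n' \
        "$d/server.csr" "$d/server.key" > "$d/ssl.conf"
    check_ssl_conf "$d/ssl.conf" && status=0 || status=1
    rm -rf "$d"
    return "$status"
}
demo || echo "Fix the directives marked BAD before restarting Apache."
```

A file that passes this label check can still be rejected by Apache if its body is malformed; `openssl x509 -in server.crt -noout -text` parses the certificate itself.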

