a little SSL help?

Jake McHenry linux at nittanytravel.com
Tue Jun 21 21:00:58 UTC 2005


----- Original Message ----- 
From: "Jake McHenry" <linux at nittanytravel.com>
To: "For users of Fedora Core releases" <fedora-list at redhat.com>
Sent: Tuesday, June 21, 2005 2:33 PM
Subject: Re: a little SSL help?


> ----- Original Message ----- 
> From: "Jake McHenry" <linux at nittanytravel.com>
> To: <fedora-list at redhat.com>
> Sent: Tuesday, June 21, 2005 12:19 PM
> Subject: a little SSL help?
>
>
>> Hi everyone,
>>
>> My RH9 server just blew up, hard drive failure, so I installed FC3.
>>
>> I am in the middle of setting up httpd, trying to get our ssl cert 
>> installed and working, but having some problems.
>>
>> If I issue a self-signed cert, it works fine, but when I put in the valid 
>> signed cert, httpd fails startup.
>>
>> Here is what's in the logs:
>>
>> [root at ntlh httpd]# cat error_log
>> [Tue Jun 21 12:13:36 2005] [notice] suEXEC mechanism enabled (wrapper: 
>> /usr/sbin/suexec)
>>
>> [root at ntlh httpd]# cat secure.ssl_error_log
>> [Tue Jun 21 12:13:36 2005] [error] Init: Private key not found
>> [Tue Jun 21 12:13:36 2005] [error] SSL Library Error: 218710120 
>> error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
>> [Tue Jun 21 12:13:36 2005] [error] SSL Library Error: 218529960 
>> error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
>> [Tue Jun 21 12:13:36 2005] [error] SSL Library Error: 218595386 
>> error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
>> [Tue Jun 21 12:13:36 2005] [error] SSL Library Error: 218734605 
>> error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
>>
>> I'm searching for this on Google now, I need this up, my boss isn't 
>> happy. If anyone knows what I should do, please let me know!
>>
>> Thanks,
>> Jake McHenry
>>
>> Nittany Travel MIS Coordinator
>> http://www.nittanytravel.com
>> (570) 748-6611 x108
>>
>>
>>
>> -- 
>> fedora-list mailing list
>> fedora-list at redhat.com
>> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>>
>
>
>
> I just got off the phone with the SSL company, told them what happened, they said 
> to just send them a new csr. I did, got new crt back. Moved all files into 
> same directory /etc/httpd/conf/ssl:
>
> [root at ntlh ssl]# ls -laF
> total 48
> drwxr-xr-x  2 root root 4096 Jun 21 14:13 ./
> drwxr-xr-x  8 root root 4096 Jun 21 13:49 ../
> -rw-------  1 root root 1851 Jun 21 13:38 ca-bundle.crt
> -rw-r--r--  1 root root 1903 Jun 21 14:13 server.crt
> -rw-------  1 root root  798 Jun 21 13:48 server.csr
> -rw-------  1 root root  887 Jun 21 13:48 server.key
>
>
>
> I changed the ssl.conf file to point to these:
>
>
> SSLCertificateFile "/etc/httpd/conf/ssl/server.crt"
> SSLCertificateKeyFile "/etc/httpd/conf/ssl/server.key"
> SSLCACertificateFile "/etc/httpd/conf/ssl/ca-bundle.crt"
>
>
> I have tried different permissions on the files, currently set to above, 
> still having problem.
>
> When I try to start httpd, it shows this on screen:
>
> [root at ntlh ssl]# service httpd start
> Starting httpd: Syntax error on line 35 of /etc/httpd/conf.d/ssl.conf:
> SSLCertificateFile: file '/etc/httpd/conf/ssl/server.crt' does not exist 
> or is empty
>                                                           [FAILED]
>
>
>
> And for some reason there is nothing being put into the log files about 
> this??????????????????????
>
>
> Thanks,
> Jake
>
>



Ok, not sure what is wrong.... I've moved the SSLCertificateFile up and down 
in order, and it's ALWAYS the FIRST one listed in ssl.conf. The files are 
there, owned by apache, who is running httpd. I have tried them owned as 
root, same problem. What should the permissions be on the files and 
directories in /etc/httpd?
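
A pre-flight check for the two failures shown in this thread ("does not exist or is empty" from `service httpd start`, and "Private key not found" with the ASN.1 errors in secure.ssl_error_log), as an added example that is not part of the original post. It assumes an `openssl` command-line tool new enough to have the `pkey` subcommand (OpenSSL 1.0.0 or later) and an unencrypted PEM key; the function name `check_tls_pair` and its return codes are this example's own.

```shell
#!/bin/sh
# Added example: check a mod_ssl certificate/key pair before starting httpd.
# Return codes are this script's own convention, not Apache's or OpenSSL's:
#   0 pair is usable                2 a file is missing, empty or unreadable
#   3 certificate does not parse    4 private key does not parse
#   5 certificate was issued for a different key
check_tls_pair() {
    cert=$1
    key=$2
    for f in "$cert" "$key"; do
        # Same condition httpd reports as "does not exist or is empty".
        if [ ! -s "$f" ] || [ ! -r "$f" ]; then
            echo "FAIL: $f is missing, empty or unreadable" >&2
            return 2
        fi
    done
    # Extract the public key from each file. A parse failure on the key is
    # the situation behind the d2i_PrivateKey / "bad tag" errors in the log.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: $cert is not a PEM X.509 certificate" >&2; return 3; }
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || {
        echo "FAIL: $key is not an unencrypted PEM private key" >&2; return 4; }
    # A certificate signed from an older CSR will not match a regenerated key.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $cert was not issued for the key in $key" >&2
        return 5
    fi
    echo "OK: $cert matches $key"
}

# Run directly: sh check_tls_pair.sh <certificate> <private key>
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

Run it as root against the paths named in ssl.conf, for example `/etc/httpd/conf/ssl/server.crt` and `/etc/httpd/conf/ssl/server.key`.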



