Installing SSL certificate causes the server to fail when restarting

Question

I received my certificate by email and then created the necessary files and copied it over. I went to restart my server and received the following errors.

[Wed Feb 08 13:02:06 2012] [error] Init: Unable to read server certificate from file /home/sslcertificates/mydomain.crt [Wed Feb 08 13:02:06 2012] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Wed Feb 08 13:02:06 2012] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

Does anyone have any ideas?

Answer 1

Another possible source of failure which causes this errror message is: Instead of the certificate file I linked to the certification request file. It's recognizable when you read the first line of the file: Either

-----BEGIN CERTIFICATE REQUEST----- 

Or

-----BEGIN CERTIFICATE-----     

:-)

Answer 2

Situation: Apache 2.4 using the StartSSL cert generating ASN encoding error

Issue:

AH02564: Failed to configure encrypted (?) private key <domain>.com:80:0, check /etc/pki/tls/certs/ssl.key 

Some SSL issuers encrypts the ssl key files by default so make sure decrypt it at the server and point it from Virtual Host.

Simply echo the key file to make sure it is not encrypted.

Decrypt the key file for the mod_ssl

openssl rsa -in ssl.key -out ssl.key 

For SSL config in the Apache conf (httpd.conf) add the following configurations and restart the Apache.

# SSL <VirtualHost *:443>     ServerName gajen.com     SSLCertificateKeyFile /etc/pki/tls/certs/ssl.key     SSLCertificateFile /etc/pki/tls/certs/ssl.crt     SSLCertificateChainFile /etc/pki/tls/certs/root.ca.pem </VirtualHost> 

For troubleshooting:

• Debug the Apache first tail 50 /var/log/httpd/error_log
• Debug the mod_ssl tail 50 /var/log/httpd/ssl_error_log