
Installing SSL certificate causes the server to fail when restarting


I received my certificate by email and then created the necessary files and copied it over. I went to restart my server and received the following errors.

[Wed Feb 08 13:02:06 2012] [error] Init: Unable to read server certificate from file /home/sslcertificates/mydomain.crt
[Wed Feb 08 13:02:06 2012] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Feb 08 13:02:06 2012] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

Does anyone have any ideas?

ORStudios asked Feb 08 '12 13:02




2 Answers

Another possible source of failure which causes this error message is: Instead of the certificate file I linked to the certification request file. It's recognizable when you read the first line of the file: Either

-----BEGIN CERTIFICATE REQUEST----- 

Or

-----BEGIN CERTIFICATE-----     

:-)

Heinrich answered Oct 19 '22 05:10


Situation: Apache 2.4 using the StartSSL cert generating ASN encoding error

Issue:

AH02564: Failed to configure encrypted (?) private key <domain>.com:80:0, check /etc/pki/tls/certs/ssl.key 

Some SSL issuers encrypt the SSL key files by default, so make sure to decrypt it on the server and point to it from the Virtual Host.

Simply echo the key file to make sure it is not encrypted.


Decrypt the key file for the mod_ssl

openssl rsa -in ssl.key -out ssl.key 

For SSL config in the Apache conf (httpd.conf) add the following configurations and restart the Apache.


# SSL
<VirtualHost *:443>
    ServerName gajen.com
    SSLCertificateKeyFile /etc/pki/tls/certs/ssl.key
    SSLCertificateFile /etc/pki/tls/certs/ssl.crt
    SSLCertificateChainFile /etc/pki/tls/certs/root.ca.pem
</VirtualHost>

For troubleshooting:

  • Debug the Apache first: tail -n 50 /var/log/httpd/error_log
  • Debug the mod_ssl: tail -n 50 /var/log/httpd/ssl_error_log

Gajen Sunthara answered Oct 19 '22 06:10
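
Both answers above come down to reading the PEM header of the files Apache is pointed at: a certificate request in place of the certificate, or a key that is still encrypted. The following is an added example, not code from either answer; the function names and the labels it prints (csr, plain-key, encrypted-key, ...) are made up here.

```shell
#!/bin/sh
# Classify a PEM file by its armor line before pointing Apache at it.

classify_pem() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 0; }
    # First PEM armor line in the file; strip CR in case of Windows line endings.
    header=$(sed -n '/^-----BEGIN /{p;q;}' "$f" | tr -d '\r')
    case $header in
        '-----BEGIN CERTIFICATE REQUEST-----'|'-----BEGIN NEW CERTIFICATE REQUEST-----')
            echo "csr" ;;
        '-----BEGIN CERTIFICATE-----')
            echo "certificate" ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----')
            echo "encrypted-key" ;;
        '-----BEGIN RSA PRIVATE KEY-----'|'-----BEGIN EC PRIVATE KEY-----')
            # Traditional key format: encryption is flagged by a Proc-Type header.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
                echo "encrypted-key"
            else
                echo "plain-key"
            fi ;;
        '-----BEGIN PRIVATE KEY-----')
            echo "plain-key" ;;
        *)
            echo "not-pem" ;;
    esac
}

# Arguments: the SSLCertificateFile path, then the SSLCertificateKeyFile path.
check_apache_pair() {
    cert_kind=$(classify_pem "$1")
    key_kind=$(classify_pem "$2")
    status=0
    [ "$cert_kind" = certificate ] || {
        echo "SSLCertificateFile is $cert_kind, expected certificate"; status=1; }
    [ "$key_kind" = plain-key ] || {
        echo "SSLCertificateKeyFile is $key_kind, expected plain-key"; status=1; }
    return $status
}

# Stand-alone use: sh check.sh /path/to/cert /path/to/key
if [ "$#" -eq 2 ]; then
    check_apache_pair "$1" "$2"
fi
```

A "csr" result for the certificate path matches the wrong-file mistake in the first answer; an "encrypted-key" result matches the AH02564 case in the second.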