I received my certificate by email and then created the necessary files and copied it over. I went to restart my server and received the following errors.
[Wed Feb 08 13:02:06 2012] [error] Init: Unable to read server certificate from file /home/sslcertificates/mydomain.crt [Wed Feb 08 13:02:06 2012] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Wed Feb 08 13:02:06 2012] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
Does anyone have any ideas?
Root certificate installation on Windows should never require a restart.
Another possible source of failure which causes this errror message is: Instead of the certificate file I linked to the certification request file. It's recognizable when you read the first line of the file: Either
-----BEGIN CERTIFICATE REQUEST-----
Or
-----BEGIN CERTIFICATE-----
:-)
Situation: Apache 2.4 using the StartSSL cert generating ASN encoding error
Issue:
AH02564: Failed to configure encrypted (?) private key <domain>.com:80:0, check /etc/pki/tls/certs/ssl.key
Some SSL issuers encrypts the ssl key files by default so make sure decrypt it at the server and point it from Virtual Host.
Simply echo the key file to make sure it is not encrypted.
Decrypt the key file for the mod_ssl
openssl rsa -in ssl.key -out ssl.key
For SSL config in the Apache conf (httpd.conf) add the following configurations and restart the Apache.
# SSL <VirtualHost *:443> ServerName gajen.com SSLCertificateKeyFile /etc/pki/tls/certs/ssl.key SSLCertificateFile /etc/pki/tls/certs/ssl.crt SSLCertificateChainFile /etc/pki/tls/certs/root.ca.pem </VirtualHost>
For troubleshooting:
tail 50 /var/log/httpd/error_log
tail 50 /var/log/httpd/ssl_error_log
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With