|

»

»

mod_ssl - Users

Issue setting up a Verisign certificate

View: New views

3 Messages — Rating Filter: Alert me

	Issue setting up a Verisign certificate by Diilb :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message I have generated a CSR, sent it to Verisign and they sent me back a cer file that I have renamed to public.crt. As per their support instructions I installed their Intermediate CA (https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR193) My virtualhost configuration is as follows: SSLEngine on SSLCertificateFile /etc/apache2/public.crt SSLCertificateKeyFile /etc/apache2/private.key SSLCACertificateFile /etc/apache2/interm.crt I am getting this error when trying to start Apache: [Mon Jul 27 16:05:07 2009] [error] Init: Unable to read server certificate from file /etc/apache2/secure.canadaeast.com.public.crt [Mon Jul 27 16:05:07 2009] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Mon Jul 27 16:05:07 2009] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error Any thoughts, because I am at a loss and am not interested in wait on how 35 minutes to speak to their support people. Thanks! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@... Automated List Manager majordomo@...
	Re: Issue setting up a Verisign certificate by Victoriano Giralt :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Robin escribió: \| My virtualhost configuration is as follows: \| \| SSLEngine on \| SSLCertificateFile /etc/apache2/public.crt - ------------------------^ \| SSLCertificateKeyFile /etc/apache2/private.key \| SSLCACertificateFile /etc/apache2/interm.crt I think this does not belong here, but I might be wrong. \| [Mon Jul 27 16:05:07 2009] [error] Init: Unable to read server \| certificate from file /etc/apache2/secure.canadaeast.com.public.crt - -------------------------------^ It seems your Apache is looking for the cert in a different file than you think. Probably because there is a different virtual host configuration for the SSL one. - -- - --------------------------------------------------------------------------- G & S Sistemas de Informacion, S.L. \| Teléfono: 9 02 01 44 43 Victoriano Giralt \| Land line: +34-952-207-241 Torre de San Telmo, 8 \| Mobile: +34-670-332-720 E-29018 Malaga (Spain) \| http://www.gssi.es/ - --------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFKbgIWWHlx3l8ZumwRAk81AJ9aINiS57WlUCvEpHLboAsERThPdACfTp2f DZnobVXEnFsucQbkMINLcXQ= =SRHR -----END PGP SIGNATURE----- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@... Automated List Manager majordomo@...
	Re: Issue setting up a Verisign certificate by Lou Picciano :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. Robin, Be sure Verisign's 'root' certificate is installed in your browser's certificate store - this is probably already done by default. Then, verify what this is pointing to (from your own log file): Unable to read server certificate from file /etc/apache2/secure.canadaeast.com.public.crt Verify that your apache config file doesn't have one of the 'alternate' certificate pointer directives activated. Various configurations 'bundle' certs together in concatenated form, for example. Be sure also that your VerifyDepth is set appropriately... Looks like a depth of at least 3 levels to me. ----- Original Message ----- From: "Robin" <diilbert.atlantis@...> To: modssl-users@... Sent: Monday, July 27, 2009 3:25:53 PM GMT -05:00 US/Canada Eastern Subject: Issue setting up a Verisign certificate I have generated a CSR, sent it to Verisign and they sent me back a cer file that I have renamed to public.crt. As per their support instructions I installed their Intermediate CA (https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR193) My virtualhost configuration is as follows: SSLEngine on SSLCertificateFile /etc/apache2/public.crt SSLCertificateKeyFile /etc/apache2/private.key SSLCACertificateFile /etc/apache2/interm.crt I am getting this error when trying to start Apache: [Mon Jul 27 16:05:07 2009] [error] Init: Unable to read server certificate from file /etc/apache2/secure.canadaeast.com.public.crt [Mon Jul 27 16:05:07 2009] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Mon Jul 27 16:05:07 2009] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error Any thoughts, because I am at a loss and am not interested in wait on how 35 minutes to speak to their support people. Thanks! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@... Automated List Manager majordomo@...