SSL configuration problems
| Reply Via News Group Please 2004-07-09, 3:34 pm |
Folks,
I believe I've gone a fair distance in configuring my development box
with SSL - I'll need to do this on another server soon, and I will have
a real certificate by then, but my understanding is I can use/create my
own - but I don't know how.
Can someone confirm first though that I do have my configuration files
configured properly? When I start apache using apachectl start, I get
the following messages in ssl_engine.log:
[07/Jul/2004 12:11:09 25974] [info] Server: Apache/1.3.31, Interface: mod_ssl/2.8.17, Library: OpenSSL/0.9.7a
[07/Jul/2004 12:11:09 25974] [info] Init: 1st startup round (still not detached)
[07/Jul/2004 12:11:09 25974] [info] Init: Initializing OpenSSL library
[07/Jul/2004 12:11:09 25974] [info] Init: Seeding PRNG with 136 bytes of entropy
[07/Jul/2004 12:11:09 25974] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[07/Jul/2004 12:11:10 25974] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[07/Jul/2004 12:11:11 25975] [info] Init: 2nd startup round (already detached)
[07/Jul/2004 12:11:11 25975] [info] Init: Reinitializing OpenSSL library
[07/Jul/2004 12:11:11 25975] [info] Init: Seeding PRNG with 136 bytes of entropy
[07/Jul/2004 12:11:11 25975] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[07/Jul/2004 12:11:11 25975] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[07/Jul/2004 12:11:11 25975] [info] Init: Initializing (virtual) servers for SSL
This, I believe, tells me that my server is up and working for SSL, but I
don't see any failure messages, so why can I not see my test index.html
file by contacting the port directly, either by hostname, or IP and
appending :443 to the address?
When I start using:
apachectl startssl
it tells me httpd could not be started.
My error log file (and ssl_engine.log file) tell me:
[Wed Jul 7 12:12:32 2004] [error] mod_ssl: Init: Unable to read server certificate from file /opt/apache/conf/ssl.crt/server.crt (OpenSSL library error follows)
[Wed Jul 7 12:12:32 2004] [error] OpenSSL: error:0D06B08E:asn1 encoding routines:ASN1_d2i_bio:not enough data
[Wed Jul 7 12:15:04 2004] [error] mod_ssl: Init: Unable to read server certificate from file /opt/apache/conf/ssl.crt/server.crt (OpenSSL library error follows)
[Wed Jul 7 12:15:04 2004] [error] OpenSSL: error:0D06B08E:asn1 encoding routines:ASN1_d2i_bio:not enough data
Thus, from the above, I believe it's certificate-related.
Can someone confirm 1) that that is likely to be the problem and 2) how
I go about creating my own dummy certificate?
Please reply to the newsgroup for all to share/learn - thanks in advance
for your help,
randell d.
| Reply Via News Group Please 2004-07-09, 3:34 pm |
Please... please... pleaseeee... help...
My original earlier post I think is near resolved... I didn't do a make
certificate when compiling apache - I found reference to it on google
but nothing explicitly anywhere else, so I tried it and it compiled well...
The problem now is, if I use apachectl startssl it fails with:
Apache:mod_ssl:Error: Private key not found.
**Stopped
/usr/local/bin/rcapache startssl: httpd could not be started
How do I pass it the private key? I've searched google and not found an
explicit reference on how to fix this, though I do find reference
talking about the reason behind it.
All help would be greatly appreciated, via the newsgroup, so all can learn.
Thanks in advance
randell d.
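
One way to create a self-signed test certificate with the openssl command-line tool and check that the certificate and key files are readable and belong together, as an added example that is not part of the original posts. The certificate path comes from the log above; the key path and host name in the usage line are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed usage, with a key path and
# host name that are NOT from the thread:
#   sh dummycert.sh /opt/apache/conf/ssl.crt/server.crt \
#       /opt/apache/conf/ssl.key/server.key dev.example.test

# make_dummy_cert CRT KEY CN
# Writes an unencrypted 2048-bit RSA key (mode 0600) and a self-signed
# certificate valid for 30 days. For test use only.
make_dummy_cert() {
    ( umask 077 && openssl genrsa -out "$2" 2048 ) 2>/dev/null || return 1
    openssl req -new -x509 -key "$2" -out "$1" -days 30 \
        -subj "/CN=$3" 2>/dev/null || return 1
}

# check_pair CRT KEY
# Returns 0 if the pair is usable, otherwise:
#   2 certificate file missing or empty
#   3 certificate file does not parse
#   4 key file missing, unreadable or passphrase-protected
#   5 key does not belong to the certificate
check_pair() {
    [ -s "$1" ] || return 2
    cert_mod=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 3
    [ -s "$2" ] || return 4
    # "-passin pass:" stops openssl prompting; an encrypted key fails here.
    key_mod=$(openssl rsa -noout -modulus -in "$2" -passin pass: \
        2>/dev/null) || return 4
    # An RSA key matches a certificate when both carry the same modulus.
    [ "$cert_mod" = "$key_mod" ] || return 5
    return 0
}

# Stand-alone use: generate the pair, then report the check result.
if [ "$#" -eq 3 ]; then
    make_dummy_cert "$1" "$2" "$3" && check_pair "$1" "$2"
    echo "check_pair exit status: $?"
fi
```

The key file passed to check_pair should be the one that SSLCertificateKeyFile names in httpd.conf.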