Re: "no start line"

Ralf S. Engelschall Tue, 9 Nov 1999 08:13:56 -0800
On Tue, Nov 09, 1999, [EMAIL PROTECTED] wrote:

> Please forgive a struggling newbie (and point him to the appropriate resource)
> if this is a well-known problem, but I am stumped.
> 
> Installed: Apache/1.3.3 (Unix) S.u.S.E./6.0
>            OpenSSL 0.9.4 09 Aug 1999
> 
> I don't know what version of mod_ssl is built into apache, but "httpd -l"
> shows mod_ssl as a module.

Just run SCCS's "what" or RCS's "indent" command on the "httpd" program. It
will then display the mod_ssl version.  BTW, from the above "SSLeay" tag we
can assume that you're using a rather old mod_ssl version...
 
> In httpd.conf I have the following line specifying the certificate to use:
> 
>    SSLCertificateFile     /etc/httpd/mycert.pem
> 
> The certificate was created using the following steps:
> 
>    openssl genrsa -des3 -out cakey.pem 2048
>    openssl req -new -x509 -days 350 -key cakey.pem -out cacert.pem
>    openssl genrsa -des3 -out mykey.pem 1024
>    openssl req -new -key mykey.pem -out myreq.pem
>    openssl ca -in myreq.pem -out mycert.pem
> 
> The following error message appears in the log when I start Apache with the
> -DSSL option:
> 
> [Tue Nov  9 14:30:46 1999] [crit] (2)No such file or directory: mod_ssl: Failed
> to read private key file /etc/httpd/mycert.pem
> [Tue Nov  9 14:30:46 1999] [error] SSLeay: error:0906D06C:PEM
> routines:PEM_read_bio:no start line
> 
> Having done a bit of looking in the FAQ and the mail archives, I found a
> similar, but not identical case. In that case, the answer (according to the
> respondent) was that the certificate had no start line. The certificate
> /etc/httpd/mycert.pem DOES however have a start line; the last part of the file
> is the certificate, and it looks like this (abbreviated):

No, read the message above: "No such file or directory". The PEM-error is just
a following error. Either /etc/httpd/mycert.pem isn't the correct path or the
permissions on the file or the /etc or /etc/httpd dirs are too restrictive,
etc. Check this first.

BTW, I cannot believe that you're using OpenSSL as mentioned, because why then
should mod_ssl use the "SSLeay" tag instead of "OpenSSL"?  I think your Apache
is built against SSLeay and not against OpenSSL...

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
Re: "no start line"

Reply via email to
