thanks heaps for the advise -- Ill try this now
as for the backpack -- macpac are the best company i think
anyone could work with -- and their packs/gear are bloody
good too.
have a look at demo.macpac.co.nz this is the
"testing/staging" of their new site (this is what the ssl is
for)
thanks again, I'll see how these tests go...
carl
On Sat, 2 Jun 2001 18:08:57 -0700 (PDT)
Geoff Thorpe <[EMAIL PROTECTED]> wrote:
> Hi there,
>
> On Sun, 3 Jun 2001, Carl Bowden wrote:
>
> > but apachectl startssl refuses to start
> >
> > this is the /var/log/httpd/ssl_engine_log:
> > [03/Jun/2001 10:59:15 06923] [info] Server:
> Apache/1.3.19,
> > Interface: mod_ssl/2.8.3, Library: OpenSSL/0.9.6a
> > [03/Jun/2001 10:59:15 06923] [info] Init: 1st startup
> round
> > (still not detached)
> > [03/Jun/2001 10:59:15 06923] [info] Init: Initializing
> > OpenSSL library
> > [03/Jun/2001 10:59:15 06923] [info] Init: Loading
> > certificate & private key of SSL-aware server
> > secure.macpac.co.nz:443
> > [03/Jun/2001 10:59:15 06923] [error] Init: Private key
> not
> > found (OpenSSL library error follows)
> > [03/Jun/2001 10:59:15 06923] [error] OpenSSL:
> > error:0D084064:asn1 encoding routines:d2i_ASN1_SET:bad
> class
> > [03/Jun/2001 10:59:15 06923] [error] OpenSSL:
> > error:0D09D082:asn1 encoding
> routines:d2i_RSAPrivateKey:parsing
> > [03/Jun/2001 10:59:15 06923] [error] OpenSSL:
> > error:0D09B00D:asn1 encoding
> routines:d2i_PrivateKey:ASN1
> > lib
> >
> > the key really is there but i cant find any info on
> this bad
> > class error
>
> Weird, it looks like the problem is nothing really to do
> with mod_ssl - the
> loading of the key itself seems to be having decoding
> errors. Can you run a
> couple of checks on the key file? (and don't mail me or
> the list any output
> containing data about your key :-).
>
> * Run the key file through;
> openssl asn1parse -inform PEM -in <keyfile.pem> -i
> Does it also report decoding errors or does the data
> appear well-formed?
>
> * Check the text in the key file - does it have any weird
> line-wrapping problems
> or anything else obvious to distinguish it from a
> known-to-work key file (eg.
> a demo test cert and key created by mod_ssl's "make
> certificate" target).
>
> * Try running openssl's "s_server" using a combination of
> your key, certificate,
> and CA file;
> openssl s_server -key <keyfile.pem> -cert
> <certfile.pem> \
> -CAfile <cafile.pem> -state -www
> If that starts without an error, the keyfile should be
> OK - but you can make
> sure by hitting it with a web-browser or openssl'
> "s_client" to double-check
> everything.
>
> Hope that helps? (And if it does, can I get a free
> backpack next time I'm back
> home? (Wellington BTW, I noticed it was an "NZ" domain
> ... :-)).
>
> Cheers,
> Geoff
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> User Support Mailing List
> [EMAIL PROTECTED]
> Automated List Manager
> [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
