Re: Setting up multiple SSL certs on a mac 10.3 server problems

Thu, 12 Feb 2004 23:33:01 -0800 

On Thu, Feb 12, 2004 at 04:34:08PM +0000, Huw Jenkins wrote:
> Hi there,
> 
> Having problems setting up multiple certs on a 10.3 box. I've got one
> running on the machine yet I can't seem to get any of the others to work I
> get this error message:
> 
> [Thu Feb 12 09:19:22 2004] [error] mod_ssl: Init:
> (www.royalcaribbean.co.uk:16443) Ops, no RSA or DSA server
> certificate found?!
> [Thu Feb 12 09:19:22 2004] [error] mod_ssl: Init:
> (www.royalcaribbean.co.uk:16443) You have to perform a
> *full* server restart when you added or removed a
> certificate and/or key file
> [Thu Feb 12 09:19:28 2004] [error] mod_ssl: Init: Unable to
> read server certificate from file
> /etc/httpd/ssl.key/royal.crt (OpenSSL library error
> follows)
> [Thu Feb 12 09:19:28 2004] [error] OpenSSL:
> error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
> tag
> [Thu Feb 12 09:19:28 2004] [error] OpenSSL:
> error:0D07803A:asn1 encoding
> routines:ASN1_ITEM_EX_D2I:nested asn1 error
> [Thu Feb 12 09:19:34 2004] [error] mod_ssl: Init: Unable to
> read server certificate from file
> /etc/httpd/ssl.key/royal.crt (OpenSSL library error
> follows)
> [Thu Feb 12 09:19:34 2004] [error] OpenSSL:
> error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
> tag
> [Thu Feb 12 09:19:34 2004] [error] OpenSSL:
> error:0D07803A:asn1 encoding
> routines:ASN1_ITEM_EX_D2I:nested asn1 error
> 
> 
> I know the cert's are OK. Definitely! I've been getting new ones off
> Geotrust (the techies there are really helpful!) and I've used everyway
> under the sun to input them. Still won't work tho. So I'm thinking the
> problem lies somewhere else! Anyone got any idea what could be going wrong?

The error message indicates, that the contents of the certificate cannot
be correctly parsed. You should be able to verify this with the
openssl command line tool:
  openssl x509 -in /etc/httpd/ssl.key/royal.crt -text
If the certificate is ok, you should see its contents here. But as the
tool is using the same routines as mod_ssl...

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to