> From: Lutz Jaenicke <[EMAIL PROTECTED]> > Organization: BTU Cottbus, Allgemeine Elektrotechnik > Reply-To: [EMAIL PROTECTED] > Date: Fri, 13 Feb 2004 08:32:17 +0100 > To: [EMAIL PROTECTED] > Subject: Re: Setting up multiple SSL certs on a mac 10.3 server problems > > On Thu, Feb 12, 2004 at 04:34:08PM +0000, Huw Jenkins wrote: >> Hi there, >> >> Having problems setting up multiple certs on a 10.3 box. I've got one >> running on the machine yet I can't seem to get any of the others to work I >> get this error message: >> >> [Thu Feb 12 09:19:22 2004] [error] mod_ssl: Init: >> (www.royalcaribbean.co.uk:16443) Ops, no RSA or DSA server >> certificate found?! >> [Thu Feb 12 09:19:22 2004] [error] mod_ssl: Init: >> (www.royalcaribbean.co.uk:16443) You have to perform a >> *full* server restart when you added or removed a >> certificate and/or key file >> [Thu Feb 12 09:19:28 2004] [error] mod_ssl: Init: Unable to >> read server certificate from file >> /etc/httpd/ssl.key/royal.crt (OpenSSL library error >> follows) >> [Thu Feb 12 09:19:28 2004] [error] OpenSSL: >> error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong >> tag >> [Thu Feb 12 09:19:28 2004] [error] OpenSSL: >> error:0D07803A:asn1 encoding >> routines:ASN1_ITEM_EX_D2I:nested asn1 error >> [Thu Feb 12 09:19:34 2004] [error] mod_ssl: Init: Unable to >> read server certificate from file >> /etc/httpd/ssl.key/royal.crt (OpenSSL library error >> follows) >> [Thu Feb 12 09:19:34 2004] [error] OpenSSL: >> error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong >> tag >> [Thu Feb 12 09:19:34 2004] [error] OpenSSL: >> error:0D07803A:asn1 encoding >> routines:ASN1_ITEM_EX_D2I:nested asn1 error >> >> >> I know the cert's are OK. Definitely! I've been getting new ones off >> Geotrust (the techies there are really helpful!) and I've used everyway >> under the sun to input them. Still won't work tho. So I'm thinking the >> problem lies somewhere else! Anyone got any idea what could be going wrong? > > The error message indicates, that the contents of the certificate cannot > be correctly parsed. You should be able to verify this with the > openssl command line tool: > openssl x509 -in /etc/httpd/ssl.key/royal.crt -text > If the certificate is ok, you should see its contents here. But as the > tool is using the same routines as mod_ssl... > > Best regards, > Lutz
Having done this I've noticed that all the new files I have received from GeoTrust have the same result. I'm assuming that they can't all be bad! Therefore after many days of trying everything I must resort to the thought that my mod_ssl version and apache version are not right. I personally haven't updates either since I got another site working on that machine. But at this stage I can't rule anything out. Just quickly, how do I find out what version of apache and mod_ssl I'm running? I know that modssl.org will tell me what I need to know with regard to what is compatible with what. I just need to know what I'm running. Also does openssl have to be a correct version? If so how do I find that out? Any help would be gratefully received! Regards Huw ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
