SSLCACertificateFile crashes Apache

Tue, 07 Feb 2006 11:49:32 -0800 

Hi --

I'm experiencing a problem setting up SSL using mod_ssl.

I'm trying to get ssl running on my client's ISP-hosted virtual server:
Apache/1.3.27 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.12 OpenSSL/0.9.6b PHP/4.4.1

I have a cert from Comodo.
SSL works properly for my recent browsers (Firefox 1.07, IE 6.0) but an older version of Opera doesn't recognize the cert and prompts the user to accept it.
That situation should be fixed by installing the ca-bundle file supplied by Comodo, and setting the SSLCACertificateFile parameter in httpd.conf. 

However, when I add the line
SSLCACertificateFile    /path/to/comodo-ca-bundle

Apache dies when restarting, and logs the following OpenSSL errors:
[07/Feb/2006 11:57:08 25653] [error] Init: (www.domain.com:443) Unable to configure verify locations for client authentication (OpenSSL library error follows) [07/Feb/2006 11:57:08 25653] [error] OpenSSL: error:02001002:system library:fopen:No such file or directory [07/Feb/2006 11:57:08 25653] [error] OpenSSL: error:2006D002:BIO routines:BIO_new_file:system lib [07/Feb/2006 11:57:08 25653] [error] OpenSSL: error:0E064002:configuration file routines:CONF_load:system lib [07/Feb/2006 11:57:08 25653] [error] OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line [Hint: Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?] [07/Feb/2006 11:57:08 25653] [error] OpenSSL: error:0B084009:x509 certificate routines:X509_load_cert_crl_file:missing asn1 eos
I'm not sure what all that means. The SSLCertificateKeyFile is there, and it works fine as long as there is no mention of SSLCACertificateFile.
Note that openssl itself is not installed on the server. The ISP has an interface for generating the csr and creating the key. The second time I generated the files on another similar server, but the end result is the same. I'm wondering if possibly openssl is looking for its configuration file openssl.cnf, and that is what is not being found. 

Any ideas?

Liam



Liam Kirsher <liamk/AT/numenet/DOT/com>
415-456-4420
415-438-0384 (cell)
PGP: http://liam.numenet.com/pgp/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to