Apache + SSL error

lthozo · Jan 26, 2014

Hy!

I am migrating from CentOS to FreeBSD (Apache + SSL). After copying files and changing configuration file[1] as CentOS I am getting this error[2]. Trying to validate certificate[3].

1. /usr/local/etc/apache22/extra/httpd-ssl.conf
2.

Code:

[Fri Jan 24 08:46:06 2014] [error] Init: Unable to read server certificate from
+file /usr/local/www/ssl/certificado.csr
[Fri Jan 24 08:46:06 2014] [error] SSL Library Error: 218529960
+error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jan 24 08:46:06 2014] [error] SSL Library Error: 218595386
+error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

3.

Code:

# openssl x509 -in certificado.crt -text -noout
unable to load certificate
34379118248:error:0906D06C:PEM routines:PEM_read_bio:no start
+line:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/pem_lib.c
+:703:Expecting: TRUSTED CERTIFICATE

dpejesh · Jan 26, 2014

lthozo said:
[Fri Jan 24 08:46:06 2014] [error] Init: Unable to read server certificate from
+file /usr/local/www/ssl/certificado.csr

This is failing because you're trying to use the signing request instead of the certificate.

# openssl x509 -in certificado.crt -text -noout
unable to load certificate
34379118248:error:0906D06CEM routinesEM_read_bio:no start
+line:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/pem_lib.c
+:703:Expecting: TRUSTED CERTIFICATE

This is failing because it's not PEM encoded. The first line of the file should be -----BEGIN CERTIFICATE-----. If you have a valid certificate that's in DER format, http://www.sslshopper.com/article-most-common-openssl-commands.html has examples on how to convert it.

lthozo · Jan 26, 2014

dpejesh,

Thanks a lot! =)