LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   mod_gnutls giving me a parse error with a key from a CA. (http://www.linuxquestions.org/questions/linux-security-4/mod_gnutls-giving-me-a-parse-error-with-a-key-from-a-ca-818708/)

mtlhd 07-08-2010 10:59 AM

mod_gnutls giving me a parse error with a key from a CA.
 
Hey all, I need someone's advice that uses mod_gnutls as opposed to mod_ssl.

I am trying to run SSL on another port instead of 443. Our firewall is crap and has some service already running there and makes my site time out. When I changed the port for mod_ssl, it required me to put the port number in the URL. Wasn't a huge fan. Then I was enlightened to the glory of mod_gnutls.

but of course, I can't get it to run. :-(

I bought a cert from a CA but gnutls shoots me errors on them. (mod_ssl has no problem)
I don't understand it.

here is the snippet of my sites available file for apache2
Code:

<VirtualHost *:###>
        ServerName www.mysite.com:###
        ServerAlias mysite.com misite.com www.misite.com
        ServerAdmin webmaster@mysite.com
        DocumentRoot /home/me/www/mysite
        <Directory />
                Options FollowSymLinks -Indexes
                AllowOverride None
                Order Allow,Deny
                Allow from all
        </Directory>
        ErrorLog /var/log/apache2/ssl-error.log
        CustomLog /home/me/www/mysite/logs/access.log combined

#Mod_GnuTLS currently enabled
        GnuTLSEnable on
        GnuTLSCertificateFile /etc/apache2/ssl.crt/mysite.crt
        GnuTLSKeyFile /etc/apache2/ssl.key/mysite.key
        GnuTLSPriorities NORMAL
</VirtualHost>

When I try to start apache2, it gives me this error:
Code:

Syntax error on line 91 of /etc/apache2/sites-enabled/000-default:
GnuTLS: Failed to Import Private Key '/etc/apache2/ssl.key/mysite.key': (-69) ASN1 parser: Error in DER parsing.

Totally lost on this.
Thanks in advance LQ community.

mtlhd 07-08-2010 02:12 PM

:bump :-(

win32sux 07-08-2010 02:36 PM

Quote:

Originally Posted by mtlhd (Post 4027551)
:bump :-(

Don't do this it's considered extremely bad netiquette here. Be considerate of the fact that LQ members are from all parts of the globe, and as such are located in all time zones. Wait at least 24 hours before bumping your thread, and when you do, provide details as to anything further which you've tried, or any new information you have. Also, with this bump, you've effectively canceled out the automatic bumps you would have been receiving due to the zero-reply status.

mtlhd 07-08-2010 03:39 PM

Quote:

Originally Posted by win32sux (Post 4027570)
Don't do this it's considered extremely bad netiquette here. Be considerate of the fact that LQ members are from all parts of the globe, and as such are located in all time zones. Wait at least 24 hours before bumping your thread, and when you do, provide details as to anything further which you've tried, or any new information you have. Also, with this bump, you've effectively canceled out the automatic bumps you would have been receiving due to the zero-reply status.

My apologies.
Just used to seeing it on other threads.
Didn't know about auto bump.


All times are GMT -5. The time now is 08:13 AM.