LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices



Reply
 
Search this Thread
Old 05-01-2012, 06:23 AM   #16
WoAnerges
Member
 
Registered: Apr 2012
Posts: 50

Original Poster
Rep: Reputation: Disabled

I know there no mycomputer.com.crt file in this directory, but what can I do? Should I just create empty one, or wait, until it will create a file by itself?
There is only one file inside - ca.crt
 
Old 05-01-2012, 06:25 AM   #17
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
you need to create a cert... that doc is to create a CA. Now you use it to make a cert signed by your own CA. Why would you expect files you're naming yourself to work if you know fully well they don't exist??
 
1 members found this post helpful.
Old 05-01-2012, 06:28 AM   #18
WoAnerges
Member
 
Registered: Apr 2012
Posts: 50

Original Poster
Rep: Reputation: Disabled
so, CA and cert are different things? Now, is it hard to create a cert? If it's like few commands, could you help me out to create one?
 
Old 05-01-2012, 06:38 AM   #19
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
so, if you just want to create a self signed certificate for apache -
https://www.google.com/search?&q=how...ate+for+apache
 
Old 05-01-2012, 06:40 AM   #20
WoAnerges
Member
 
Registered: Apr 2012
Posts: 50

Original Poster
Rep: Reputation: Disabled
Quote:
# service httpd restart
Stopping httpd: [FAILED]
Starting httpd: Apache/2.2.15 mod_ssl/2.2.15 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server mycomputer.com:443 (RSA)
Enter pass phrase:

OK: Pass Phrase Dialog successful.
[ OK ]
trying to load the website, but it won't load. Trying http, https. Nothing. Probably, httpd isn't starting, even it says "[ OK ]".
 
Old 05-01-2012, 06:48 AM   #21
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
so what do your logs say about that? what does "it won't load" mean?
 
Old 05-01-2012, 07:03 AM   #22
WoAnerges
Member
 
Registered: Apr 2012
Posts: 50

Original Poster
Rep: Reputation: Disabled
acid_kewpie,

Quote:
Oops! Google Chrome could not connect to mycomputer.com
Try reloading: mycomputer.*com
Additional suggestions:
Access a cached copy of mycomputer.*com
Search on Google:
Quote:

# tail error_log
[Tue May 01 02:34:44 2012] [notice] Digest: generating secret for digest authentication ...
[Tue May 01 02:34:44 2012] [notice] Digest: done
[Tue May 01 02:38:46 2012] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue May 01 02:38:46 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue May 01 02:38:52 2012] [notice] Digest: generating secret for digest authentication ...
[Tue May 01 02:38:52 2012] [notice] Digest: done
[Tue May 01 02:48:20 2012] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue May 01 02:48:20 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue May 01 02:48:24 2012] [notice] Digest: generating secret for digest authentication ...
[Tue May 01 02:48:24 2012] [notice] Digest: done

Quote:
# tail mycomputer.com-ssl_error_log
[Tue May 01 02:32:01 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 01 02:34:44 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 01 02:38:52 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 01 02:48:24 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
Quote:
# tail ssl_error_log
[Tue May 01 02:34:44 2012] [error] Unable to configure RSA server private key
[Tue May 01 02:34:44 2012] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Tue May 01 02:38:52 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 01 02:38:52 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 01 02:38:52 2012] [error] Unable to configure RSA server private key
[Tue May 01 02:38:52 2012] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Tue May 01 02:48:24 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 01 02:48:24 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 01 02:48:24 2012] [error] Unable to configure RSA server private key
[Tue May 01 02:48:24 2012] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
 
Old 05-02-2012, 02:38 PM   #23
WoAnerges
Member
 
Registered: Apr 2012
Posts: 50

Original Poster
Rep: Reputation: Disabled
Please, help me. Now I cannot access my domain at all.

Code:
]# service httpd restart
Stopping httpd:                                            [FAILED]
Starting httpd: Apache/2.2.15 mod_ssl/2.2.15 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server mycomputer.com:443 (RSA)
Enter pass phrase:
Apache:mod_ssl:Error: Pass phrase empty (needs to be at least 1 character).
Enter pass phrase:

OK: Pass Phrase Dialog successful.
                                                           [  OK  ]


]# service --status-all
auditd (pid  1300) is running...
Stopped
cgred is stopped
crond (pid  1715) is running...
dovecot (pid  19695) is running...
1453
/usr/sbin/fcoemon -- RUNNING, pid=1453
No interfaces created.
httpd dead but subsys locked
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all      ::/0                 ::/0                state RELATED,ESTABLISHED
2    ACCEPT     icmpv6    ::/0                 ::/0
3    ACCEPT     all      ::/0                 ::/0
4    ACCEPT     tcp      ::/0                 ::/0                state NEW tcp dpt:22
5    REJECT     all      ::/0                 ::/0                reject-with icmp6-adm-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all      ::/0                 ::/0                reject-with icmp6-adm-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Table: filter
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443

Chain FORWARD (policy DROP)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

iscsi is stopped
iscsid is stopped
Checking jexec statuslldpad (pid  1411) is running...
multipathd is stopped
mysqld (pid 11946) is running...
netconsole module not loaded
Configured devices:
lo eth0 eth1
Currently active devices:
lo eth1
rpc.svcgssd is stopped
rpc.mountd is stopped
nfsd is stopped
rpc.statd (pid  1357) is running...
master (pid  19621) is running...
rdisc is stopped
restorecond is stopped
rpcbind (pid  1339) is running...
rpc.gssd is stopped
rpc.idmapd (pid 1391) is running...
rpc.svcgssd is stopped
rsyslogd (pid  1316) is running...
sandbox is stopped
saslauthd is stopped
openssh-daemon (pid  1486) is running...

Last edited by WoAnerges; 05-02-2012 at 02:41 PM.
 
  


Reply

Tags
certificate, error, ssl


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ssl certificate help Norse Linux - Security 4 07-01-2011 08:11 AM
How to import/use CAcert SSL root certificate to use SSL with Xchat IRC client? GrapefruiTgirl Linux - Software 9 04-05-2011 10:54 AM
Apache with SSL does not load the 2nd SSL certificate janstapel Linux - Newbie 1 06-17-2010 10:32 PM
ssl certificate nagavinodh Linux - Newbie 1 11-05-2009 08:43 AM
SSL Certificate The_JinJ Linux - General 1 03-22-2005 12:46 AM


All times are GMT -5. The time now is 09:54 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration