LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 07-25-2004, 05:32 PM   #1
chr15t0
Member
 
Registered: Jun 2002
Location: London
Distribution: Slackware
Posts: 201

Rep: Reputation: 30
openssl on slack 10 unable to read certificate from file


I have installed apache with mod_ssl and I'm trying to get it to start, but I keep getting the following:

[code]root@feodor:/etc/apache# apachectl startssl
[Sun Jul 25 23:29:43 2004] [warn] module php4_module is already loaded, skipping
[Sun Jul 25 23:29:43 2004] [warn] module mod_ssl.c is already added, skipping
/usr/sbin/apachectl startssl: httpd could not be started
root@feodor:/etc/apache#
[code]


when I check the /var/log/apache/error_log or the ssl_engine_log, I see the following madness:

Code:
[25/Jul/2004 23:29:43 08323] [error] Init: Unable to read server certificate from file /etc/apache/ssl.crt/toolkit.crt (OpenSSL library error follows)
[25/Jul/2004 23:29:43 08323] [error] OpenSSL: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[25/Jul/2004 23:29:43 08323] [error] OpenSSL: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
Anybody know what might be causing this? Alternatively, is there perhaps a simpler way to genearte a test certificate - this is really just for testing some https stuff on a local sandbox.

thanks
christo
 
Old 09-13-2005, 10:46 AM   #2
warbogas
LQ Newbie
 
Registered: Apr 2004
Distribution: RedHat
Posts: 1

Rep: Reputation: 0
openssl on slack 10 unable to read cerfiticate from file

I had the identical problem on a Redhat ES 2.1 workstation. The problem was a bad certificate file. I had mis-copied it from the CA site. In debugging this, I first tried to view the details of the certificate with the following command; openssl x509 -noout -text -in <certfile.crt> Openssl said it was "Unable to read certificate...no start line ... Expecting: TRUSTED CERTIFICATE" That indicated pretty strongly that the certificate itself was bad. Then, I used the following two commands to compare the modulus of the certificate with that of the key file; 'openssl x509 -noout -modulus -in <certfile.crt>' , and 'openssl rsa -noout -modulus -in <keyfile.key>' The two moduli did not match which confirmed that the certificate was bad. When I recopied the certificate from the CA site, and reran the commands above, all returned normal results, and the two moduli matched. I was able to restart apache successfully with the new certificate in place.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to create OpenSSL certificate for use in IIS 6.0 Pastorino Linux - Security 3 09-23-2005 07:50 AM
why can't i generate a new certificate with openssl? achouramira Linux - Security 1 04-28-2005 07:15 AM
OpenSSL + Apache certificate, how? The_Nerd Linux - Software 2 12-26-2004 09:18 PM
Thawte Certificate and OpenSSL jqcaducifer Linux - Security 5 10-16-2003 06:43 PM
Certificate with OpenSSL gr33ndata Linux - Security 3 10-03-2003 07:39 AM


All times are GMT -5. The time now is 06:28 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration