LinuxQuestions.org

SSL errors, while trying to add a certificate (https://www.linuxquestions.org/questions/linux-software-2/ssl-errors-while-trying-to-add-a-certificate-942690/)

WoAnerges 05-01-2012 05:23 AM

I know there is no mycomputer.com.crt file in this directory, but what can I do? Should I just create an empty one, or wait until it creates a file by itself?
There is only one file inside - ca.crt

acid_kewpie 05-01-2012 05:25 AM

you need to create a cert... that doc is to create a CA. Now you use it to make a cert signed by your own CA. Why would you expect files you're naming yourself to work if you know full well they don't exist?? :confused:

WoAnerges 05-01-2012 05:28 AM

so, CA and cert are different things? Now, is it hard to create a cert? If it's like a few commands, could you help me out to create one?

acid_kewpie 05-01-2012 05:38 AM

so, if you just want to create a self signed certificate for apache -
https://www.google.com/search?&q=how...ate+for+apache

WoAnerges 05-01-2012 05:40 AM

Quote:

# service httpd restart
Stopping httpd: [FAILED]
Starting httpd: Apache/2.2.15 mod_ssl/2.2.15 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server mycomputer.com:443 (RSA)
Enter pass phrase:

OK: Pass Phrase Dialog successful.
[ OK ]

Trying to load the website, but it won't load. Trying http, https. Nothing. Probably, httpd isn't starting, even though it says "[ OK ]".

acid_kewpie 05-01-2012 05:48 AM

so what do your logs say about that? what does "it won't load" mean?

WoAnerges 05-01-2012 06:03 AM

acid_kewpie,

Quote:

Oops! Google Chrome could not connect to mycomputer.com
Try reloading: mycomputer.*com
Additional suggestions:
Access a cached copy of mycomputer.*com
Search on Google:

Quote:

# tail error_log
[Tue May 01 02:34:44 2012] [notice] Digest: generating secret for digest authentication ...
[Tue May 01 02:34:44 2012] [notice] Digest: done
[Tue May 01 02:38:46 2012] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue May 01 02:38:46 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue May 01 02:38:52 2012] [notice] Digest: generating secret for digest authentication ...
[Tue May 01 02:38:52 2012] [notice] Digest: done
[Tue May 01 02:48:20 2012] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue May 01 02:48:20 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue May 01 02:48:24 2012] [notice] Digest: generating secret for digest authentication ...
[Tue May 01 02:48:24 2012] [notice] Digest: done

Quote:

# tail mycomputer.com-ssl_error_log
[Tue May 01 02:32:01 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 01 02:34:44 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 01 02:38:52 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 01 02:48:24 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

Quote:

# tail ssl_error_log
[Tue May 01 02:34:44 2012] [error] Unable to configure RSA server private key
[Tue May 01 02:34:44 2012] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Tue May 01 02:38:52 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 01 02:38:52 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 01 02:38:52 2012] [error] Unable to configure RSA server private key
[Tue May 01 02:38:52 2012] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Tue May 01 02:48:24 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 01 02:48:24 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 01 02:48:24 2012] [error] Unable to configure RSA server private key
[Tue May 01 02:48:24 2012] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
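
The two mod_ssl conditions in the logs above ("RSA server certificate is a CA certificate" and "key values mismatch") can be checked offline with openssl. The script below is an added example, not part of any post in this thread: it builds a throwaway CA and a server certificate signed by it (CA:FALSE), then tests both conditions. The function names, the "Demo CA" subject, and the scratch directory are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Names (Demo CA, mycomputer.com) and the scratch directory are constructed.
set -eu

# True when the certificate ($1) and private key ($2) hold the same public key.
# A false result is what mod_ssl reports as "key values mismatch".
keys_match() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# True when the certificate carries BasicConstraints CA:TRUE, which triggers
# mod_ssl's "RSA server certificate is a CA certificate" warning.
is_ca_cert() {
  openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Build a throwaway CA plus a server certificate signed by it in directory $1.
make_demo_pki() {
  d=$1
  printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
    'prompt = no' '[dn]' 'CN = Demo CA' '[v3_ca]' \
    'basicConstraints = critical,CA:TRUE' \
    'keyUsage = critical,keyCertSign,cRLSign' > "$d/ca.cnf"
  printf '%s\n' 'basicConstraints = critical,CA:FALSE' \
    'keyUsage = critical,digitalSignature,keyEncipherment' \
    'extendedKeyUsage = serverAuth' \
    'subjectAltName = DNS:mycomputer.com' > "$d/server.ext"
  # -nodes leaves the demo keys unencrypted; an encrypted key makes httpd prompt at start.
  openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  openssl req -new -config "$d/ca.cnf" -subj '/CN=mycomputer.com' -newkey rsa:2048 \
    -nodes -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -extfile "$d/server.ext" -days 30 -out "$d/server.crt" 2>/dev/null
}

# Demo run: the server pair passes both checks, the CA certificate fails both.
work=$(mktemp -d)
make_demo_pki "$work"
keys_match "$work/server.crt" "$work/server.key" && echo "server.crt matches server.key"
keys_match "$work/ca.crt" "$work/server.key" || echo "ca.crt does NOT match server.key"
is_ca_cert "$work/ca.crt" && echo "ca.crt is a CA certificate"
is_ca_cert "$work/server.crt" || echo "server.crt is not a CA certificate"
rm -rf "$work"
```

On a real host, run `keys_match` and `is_ca_cert` against the files named by `SSLCertificateFile` and `SSLCertificateKeyFile` before restarting httpd.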

WoAnerges 05-02-2012 01:38 PM

Please, help me. Now I cannot access my domain at all.

Code:


]# service httpd restart
Stopping httpd:                                            [FAILED]
Starting httpd: Apache/2.2.15 mod_ssl/2.2.15 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server mycomputer.com:443 (RSA)
Enter pass phrase:
Apache:mod_ssl:Error: Pass phrase empty (needs to be at least 1 character).
Enter pass phrase:

OK: Pass Phrase Dialog successful.
                                                          [  OK  ]


]# service --status-all
auditd (pid  1300) is running...
Stopped
cgred is stopped
crond (pid  1715) is running...
dovecot (pid  19695) is running...
1453
/usr/sbin/fcoemon -- RUNNING, pid=1453
No interfaces created.
httpd dead but subsys locked
Table: filter
Chain INPUT (policy ACCEPT)
num  target    prot opt source              destination
1    ACCEPT    all      ::/0                ::/0                state RELATED,ESTABLISHED
2    ACCEPT    icmpv6    ::/0                ::/0
3    ACCEPT    all      ::/0                ::/0
4    ACCEPT    tcp      ::/0                ::/0                state NEW tcp dpt:22
5    REJECT    all      ::/0                ::/0                reject-with icmp6-adm-prohibited

Chain FORWARD (policy ACCEPT)
num  target    prot opt source              destination
1    REJECT    all      ::/0                ::/0                reject-with icmp6-adm-prohibited

Chain OUTPUT (policy ACCEPT)
num  target    prot opt source              destination

Table: filter
Chain INPUT (policy DROP)
num  target    prot opt source              destination
1    ACCEPT    tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:22
2    ACCEPT    all  --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT    all  --  0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
4    ACCEPT    tcp  --  0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:80
5    ACCEPT    tcp  --  0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:443

Chain FORWARD (policy DROP)
num  target    prot opt source              destination

Chain OUTPUT (policy ACCEPT)
num  target    prot opt source              destination

iscsi is stopped
iscsid is stopped
Checking jexec statuslldpad (pid  1411) is running...
multipathd is stopped
mysqld (pid 11946) is running...
netconsole module not loaded
Configured devices:
lo eth0 eth1
Currently active devices:
lo eth1
rpc.svcgssd is stopped
rpc.mountd is stopped
nfsd is stopped
rpc.statd (pid  1357) is running...
master (pid  19621) is running...
rdisc is stopped
restorecond is stopped
rpcbind (pid  1339) is running...
rpc.gssd is stopped
rpc.idmapd (pid 1391) is running...
rpc.svcgssd is stopped
rsyslogd (pid  1316) is running...
sandbox is stopped
saslauthd is stopped
openssh-daemon (pid  1486) is running...



All times are GMT -5.