Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Slackware This Forum is for the discussion of Slackware Linux.


  Search this Thread
Old 07-25-2004, 06:32 PM   #1
Registered: Jun 2002
Location: London
Distribution: Slackware
Posts: 201

Rep: Reputation: 30
openssl on slack 10 unable to read certificate from file

I have installed apache with mod_ssl and I'm trying to get it to start, but I keep getting the following:

[code]root@feodor:/etc/apache# apachectl startssl
[Sun Jul 25 23:29:43 2004] [warn] module php4_module is already loaded, skipping
[Sun Jul 25 23:29:43 2004] [warn] module mod_ssl.c is already added, skipping
/usr/sbin/apachectl startssl: httpd could not be started

when I check the /var/log/apache/error_log or the ssl_engine_log, I see the following madness:

[25/Jul/2004 23:29:43 08323] [error] Init: Unable to read server certificate from file /etc/apache/ssl.crt/toolkit.crt (OpenSSL library error follows)
[25/Jul/2004 23:29:43 08323] [error] OpenSSL: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[25/Jul/2004 23:29:43 08323] [error] OpenSSL: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
Anybody know what might be causing this? Alternatively, is there perhaps a simpler way to genearte a test certificate - this is really just for testing some https stuff on a local sandbox.

Old 09-13-2005, 11:46 AM   #2
LQ Newbie
Registered: Apr 2004
Distribution: RedHat
Posts: 1

Rep: Reputation: 0
openssl on slack 10 unable to read cerfiticate from file

I had the identical problem on a Redhat ES 2.1 workstation. The problem was a bad certificate file. I had mis-copied it from the CA site. In debugging this, I first tried to view the details of the certificate with the following command; openssl x509 -noout -text -in <certfile.crt> Openssl said it was "Unable to read start line ... Expecting: TRUSTED CERTIFICATE" That indicated pretty strongly that the certificate itself was bad. Then, I used the following two commands to compare the modulus of the certificate with that of the key file; 'openssl x509 -noout -modulus -in <certfile.crt>' , and 'openssl rsa -noout -modulus -in <keyfile.key>' The two moduli did not match which confirmed that the certificate was bad. When I recopied the certificate from the CA site, and reran the commands above, all returned normal results, and the two moduli matched. I was able to restart apache successfully with the new certificate in place.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
why can't i generate a new certificate with openssl? achouramira Linux - Security 3 04-18-2019 06:51 PM
How to create OpenSSL certificate for use in IIS 6.0 Pastorino Linux - Security 3 09-23-2005 08:50 AM
OpenSSL + Apache certificate, how? The_Nerd Linux - Software 2 12-26-2004 10:18 PM
Thawte Certificate and OpenSSL jqcaducifer Linux - Security 5 10-16-2003 07:43 PM
Certificate with OpenSSL gr33ndata Linux - Security 3 10-03-2003 08:39 AM > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 11:44 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration