[users@httpd] possible bug with SSL on apache 2.0.52

[Mike Edwards <sa...@psychology.rutgers.edu>]

I'm running Apache 2.0.52 on a Linux/SPARC system
(UltraSPARC II processors).

I have created a CA, signed a certificate using this CA, and when I
attempt to start Apache with a vhost using the key + signed cert, I
receive the following in the error_log:

[Thu Jan 27 13:22:41 2005] [error] Init: Private key not found
[Thu Jan 27 13:22:41 2005] [error] SSL Library Error: 218710117 error:0D094065:asn1 encoding routines:d2i_ASN1_SET:bad class
[Thu Jan 27 13:22:41 2005] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Jan 27 13:22:41 2005] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Thu Jan 27 13:22:41 2005] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib

This happens both with the Debian-provided Apache2 package, and with
the vanilla Apache2 sources that I compiled earlier today.

The key + cert work on an x86 box with Apache2 (also Debian, using the
Debian package, no less).

I'm using gcc 3.3.4 to compile Apache2.  Not sure what Debian is using.

Any ideas?  I'd really like to get this to work.


-- 
Mike Edwards <sa...@psychology.rutgers.edu>
System Administrator
Psychology Department, Rutgers University, Newark campus

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] possible bug with SSL on apache 2.0.52

[Mike Edwards <sa...@psychology.rutgers.edu>]

It also helps when one uses the SSLCertificateFile and
SSLCertificateKeyFile directives - specifying both the certificate
and the key with the SSLCertificateFile directive doesn't work too well.

Thanks, folks - I have it straightened out.  I don't know how I missed
that...


On Thu, Jan 27, 2005 at 01:34:03PM -0500, Mike Edwards said:
> I'm running Apache 2.0.52 on a Linux/SPARC system
> (UltraSPARC II processors).
> 
> I have created a CA, signed a certificate using this CA, and when I
> attempt to start Apache with a vhost using the key + signed cert, I
> receive the following in the error_log:
> 
> [Thu Jan 27 13:22:41 2005] [error] Init: Private key not found
> [Thu Jan 27 13:22:41 2005] [error] SSL Library Error: 218710117 error:0D094065:asn1 encoding routines:d2i_ASN1_SET:bad class
> [Thu Jan 27 13:22:41 2005] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
> [Thu Jan 27 13:22:41 2005] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
> [Thu Jan 27 13:22:41 2005] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
> 
> This happens both with the Debian-provided Apache2 package, and with
> the vanilla Apache2 sources that I compiled earlier today.
> 
> The key + cert work on an x86 box with Apache2 (also Debian, using the
> Debian package, no less).
> 
> I'm using gcc 3.3.4 to compile Apache2.  Not sure what Debian is using.
> 
> Any ideas?  I'd really like to get this to work.

-- 
Mike Edwards <sa...@psychology.rutgers.edu>
System Administrator
Psychology Department, Rutgers University, Newark campus

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org