You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/07/27 18:48:02 UTC
DO NOT REPLY [Bug 21912] New: -
Apache SSL certificate problem
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21912>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21912
Apache SSL certificate problem
Summary: Apache SSL certificate problem
Product: Apache httpd-2.0
Version: 2.0.46
Platform: Sun
OS/Version: Solaris
Status: NEW
Severity: Critical
Priority: Other
Component: mod_ssl
AssignedTo: bugs@httpd.apache.org
ReportedBy: pwc@mcm-tech.com
Dear,
I will required to setup the Apache SSL using Apache 2.0 and OpenSSL
running at Sun Solaris 2.8. After I follow the Apache documentation to generate
the SSL certificate key, I encounter the problem of my Certificate Signing
Request (CSR) is not self-signed. Could you please advise us on this issue?
I will using the openssl to generate the private key and CSR with the
following steps:-
1) Create a RSA private key:
$ openssl genrsa -des3 -out server.key 1024
2) Create a Certificate Signing Request (CSR) with the server RSA
private key:
$ openssl req -new -key server.key -out server.csr
But after i submit this CSR to Thawte (https://www.thawte.com) for
signing, it give me the 'Your CSR is not self-signed.' error message. May i
know why my CSR is not self signed?
After that, I found that Apache documentation also mentioned it can
using own CA to sign the CSR. So, i will signed the CSR with the following
additional steps :-
1) Create a RSA private key for my own CA:
$ openssl genrsa -des3 -out ca.key 1024
2) Create a self-signed CA Certificate (X509 structure) with the RSA
key of the CA:
$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt
3) Use the sign.sh (see details at attachment) script for signing.
$ ./sign.sh server.csr
I get the following error message during the execution of the
sign.sh script:-
# echo # ./sign.sh server.csr
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter PEM pass phrase:
Check that the request matches the signature
Signature did not match the certificate request
CA verifying: server.crt <-> CA cert
server.crt: unable to load certificate file
1680:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:666:Expecting: CERTIFICATE
Thanks in advance.
Thanks and Regards
Pang Wei Chen
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org