You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/07/27 18:48:02 UTC

DO NOT REPLY [Bug 21912] New: - Apache SSL certificate problem

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21912>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21912

Apache SSL certificate problem

           Summary: Apache SSL certificate problem
           Product: Apache httpd-2.0
           Version: 2.0.46
          Platform: Sun
        OS/Version: Solaris
            Status: NEW
          Severity: Critical
          Priority: Other
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: pwc@mcm-tech.com


Dear,

	I will required to setup the Apache SSL using Apache 2.0 and OpenSSL 
running at Sun Solaris 2.8. After I follow the Apache documentation to generate 
the SSL certificate key, I encounter the problem of my Certificate Signing 
Request (CSR) is not self-signed. Could you please advise us on this issue?

	I will using the openssl to generate the private key and CSR with the 
following steps:-

	1) Create a RSA private key:

		$ openssl genrsa -des3 -out server.key 1024

	2) Create a Certificate Signing Request (CSR) with the server RSA 
private key:

		$ openssl req -new -key server.key -out server.csr

	But after i submit this CSR to Thawte (https://www.thawte.com) for 
signing, it give me the 'Your CSR is not self-signed.' error message. May i 
know why my CSR is not self signed?
  
   	After that, I found that Apache documentation also mentioned it can 
using own CA to sign the CSR. So, i will signed the CSR with the following 
additional steps :-
 
	1) Create a RSA private key for my own CA:

		$ openssl genrsa -des3 -out ca.key 1024

	2) Create a self-signed CA Certificate (X509 structure) with the RSA 
key of the CA:

		$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt

	3) Use the sign.sh (see details at attachment) script for signing.

		$ ./sign.sh server.csr
	
	   I get the following error message during the execution of the 
sign.sh script:-

      	# echo # ./sign.sh server.csr
		CA signing: server.csr -> server.crt:
		Using configuration from ca.config
		Enter PEM pass phrase:
		Check that the request matches the signature
		Signature did not match the certificate request
		CA verifying: server.crt <-> CA cert
		server.crt: unable to load certificate file
		1680:error:0906D06C:PEM routines:PEM_read_bio:no start 
line:pem_lib.c:666:Expecting: CERTIFICATE
  
	Thanks in advance.

 Thanks and Regards  

Pang Wei Chen

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org