You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Huw Jenkins <hu...@solutionsinc.co.uk> on 2003/12/04 10:42:09 UTC

[users@httpd] SSL errors in Apache on Mac OS 10.3

Hi there,

I'm new to this list so apologies if I'm sending this to the wrong place (if
I am can you point me in the right direction?). I'm having problems with
installing an SSL certificate. Moreover I've having difficulty deciphering
the error log. I was wondering if one of you wouldn't mind looking at the
log excerpt and telling me what it means/what's going wrong?

<snip>
[03/Dec/2003 17:08:22 12722] [info]  Init: Loading certificate & private key
of SSL-aware server www.eatyergreens.com:16443
[03/Dec/2003 17:08:22 12722] [info]  Init: Requesting pass phrase from
dialog filter program (/etc/httpd/getsslpassphrase)
[03/Dec/2003 17:08:22 12722] [error] Init: Pass phrase incorrect (OpenSSL
library error follows)
[03/Dec/2003 17:08:22 12722] [error] OpenSSL: error:0D07207B:asn1 encoding
routines:ASN1_get_object:header too long
</snip>

Is this an encoding issue? Or is it just that one of the files has become
corrupt? Or maybe something else that my limited experience with SSL could
never fathom in a million years? ;-)


Thanks

Huw Jenkins


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] R: [users@httpd] SSL errors in Apache on Mac OS 10.3

Posted by Huw Jenkins <hu...@solutionsinc.co.uk>.

I recreated the certificate and Geotrust re-issued the certificate for me,
worked fine. Must have been corrupt.

Thanks for the help.

Huw

> From: "Andrea Riela" <ml...@nesys.it>
> Reply-To: users@httpd.apache.org
> Date: Thu, 4 Dec 2003 12:42:27 +0100
> To: <us...@httpd.apache.org>
> Subject: [users@httpd] R: [users@httpd] SSL errors in Apache on Mac OS 10.3
> 
>> [03/Dec/2003 17:08:22 12722] [error] Init: Pass phrase incorrect (OpenSSL
> library error follows)
>> [03/Dec/2003 17:08:22 12722] [error] OpenSSL: error:0D07207B:asn1 encoding
> routines:ASN1_get_object:header too long </snip>
> 
> My suggestion is: try to recreate certificate and key
> 
> Openssl genrsa -out yourkey.key 1024 -days 365
> Openssl req -new -key yourkey.key -x5009 -out yourcertificate.crt
> 
> In virtual host:
> 
> ServerName ...
> ServerAdmin ...
> Port 443
> DocumentRoot ...
> SSLEngine on
> SSLCertificateFile /pathfor/yourcertificate.crt
> SSLCertificateKeyFile /pathfor/yourkey.key
> ErrorLog ...
> CustomLog ...
> 
> Byez
> Andrea
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] R: [users@httpd] SSL errors in Apache on Mac OS 10.3

Posted by Andrea Riela <ml...@nesys.it>.

> [03/Dec/2003 17:08:22 12722] [error] Init: Pass phrase incorrect (OpenSSL
library error follows)
> [03/Dec/2003 17:08:22 12722] [error] OpenSSL: error:0D07207B:asn1 encoding
routines:ASN1_get_object:header too long </snip>

My suggestion is: try to recreate certificate and key

Openssl genrsa -out yourkey.key 1024 -days 365
Openssl req -new -key yourkey.key -x5009 -out yourcertificate.crt

In virtual host:

ServerName ...
ServerAdmin ...
Port 443
DocumentRoot ...
SSLEngine on
SSLCertificateFile /pathfor/yourcertificate.crt
SSLCertificateKeyFile /pathfor/yourkey.key
ErrorLog ...
CustomLog ...

Byez
Andrea


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org