Issue setting up a Verisign certificate

Issue setting up a Verisign certificate

am 27.07.2009 21:25:53 von Diilb

I have generated a CSR, sent it to Verisign and they sent me back a
cer file that I have renamed to public.crt. As per their support
instructions I installed their Intermediate CA
(https://knowledge.verisign.com/support/ssl-certificates-sup port/index?page=content&id=AR193)

My virtualhost configuration is as follows:

SSLEngine on
SSLCertificateFile /etc/apache2/public.crt
SSLCertificateKeyFile /etc/apache2/private.key
SSLCACertificateFile /etc/apache2/interm.crt

I am getting this error when trying to start Apache:

[Mon Jul 27 16:05:07 2009] [error] Init: Unable to read server
certificate from file /etc/apache2/secure.canadaeast.com.public.crt
[Mon Jul 27 16:05:07 2009] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jul 27 16:05:07 2009] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error

Any thoughts, because I am at a loss and am not interested in wait on
how 35 minutes to speak to their support people.

Thanks!
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Issue setting up a Verisign certificate

am 27.07.2009 21:37:59 von Victoriano Giralt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robin escribi=F3:
| My virtualhost configuration is as follows:
|
| SSLEngine on
| SSLCertificateFile /etc/apache2/public.crt
- ------------------------^
| SSLCertificateKeyFile /etc/apache2/private.key
| SSLCACertificateFile /etc/apache2/interm.crt
I think this does not belong here, but I might be wrong.

| [Mon Jul 27 16:05:07 2009] [error] Init: Unable to read server
| certificate from file /etc/apache2/secure.canadaeast.com.public.crt
- -------------------------------^
It seems your Apache is looking for the cert in a different file than you
think.

Probably because there is a different virtual host configuration for the
SSL one.
- --
- ------------------------------------------------------------ -----------=
----
G & S Sistemas de Informacion, S.L. | Tel=E9fono: 9 02 01 44 43
Victoriano Giralt | Land line: +34-952-207-241
Torre de San Telmo, 8 | Mobile: +34-670-332-720
E-29018 Malaga (Spain) | http://www.gssi.es/
- ------------------------------------------------------------ -----------=
----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org

iD8DBQFKbgIWWHlx3l8ZumwRAk81AJ9aINiS57WlUCvEpHLboAsERThPdACf Tp2f
DZnobVXEnFsucQbkMINLcXQ=3D
=3DSRHR
-----END PGP SIGNATURE-----
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Issue setting up a Verisign certificate

am 27.07.2009 21:40:49 von Lou Picciano

------=_Part_298706_1381593665.1248723649973
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

Robin,

Be sure Verisign's 'root' certificate is installed in your browser's certificate store - this is probably already done by default.

Then, verify what this is pointing to (from your own log file):
Unable to read server certificate from file /etc/apache2/secure.canadaeast.com.public.crt

Verify that your apache config file doesn't have one of the 'alternate' certificate pointer directives activated. Various configurations 'bundle' certs together in concatenated form, for example.

Be sure also that your VerifyDepth is set appropriately... Looks like a depth of at least 3 levels to me.

----- Original Message -----
From: "Robin"
To: modssl-users@modssl.org
Sent: Monday, July 27, 2009 3:25:53 PM GMT -05:00 US/Canada Eastern
Subject: Issue setting up a Verisign certificate

I have generated a CSR, sent it to Verisign and they sent me back a
cer file that I have renamed to public.crt. As per their support
instructions I installed their Intermediate CA
(https://knowledge.verisign.com/support/ssl-certificates-sup port/index?page=content&id=AR193)

My virtualhost configuration is as follows:

SSLEngine on
SSLCertificateFile /etc/apache2/public.crt
SSLCertificateKeyFile /etc/apache2/private.key
SSLCACertificateFile /etc/apache2/interm.crt

I am getting this error when trying to start Apache:

[Mon Jul 27 16:05:07 2009] [error] Init: Unable to read server
certificate from file /etc/apache2/secure.canadaeast.com.public.crt
[Mon Jul 27 16:05:07 2009] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jul 27 16:05:07 2009] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error

Any thoughts, because I am at a loss and am not interested in wait on
how 35 minutes to speak to their support people.

Thanks!
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

------=_Part_298706_1381593665.1248723649973
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<=
div style=3D'font-family: Arial; font-size: 12pt; color: #000000'>Robin, >
Be sure Verisign's 'root' certificate is installed in your browser's c=
ertificate store - this is probably already done by default.

Then, v=
erify what this is pointing to (from your own log file):
Unable to read=
server certificate from file /etc/apache2/secure.canadaeast.com.public.crt=


Verify that your apache config file doesn't have one of the 'altern=
ate' certificate pointer directives activated.  Various configurations=
'bundle' certs together in concatenated form, for example.

Be sure =
also that your VerifyDepth is set appropriately...   Looks like a=
depth of at least 3 levels to me.

----- Original Message -----
F=
rom: "Robin" <diilbert.atlantis@gmail.com>
To: modssl-users@modssl=
..org
Sent: Monday, July 27, 2009 3:25:53 PM GMT -05:00 US/Canada Eastern=

Subject: Issue setting up a Verisign certificate

I have generate=
d a CSR, sent it to Verisign and they sent me back a
cer file that I hav=
e renamed to public.crt.  As per their support
instructions I insta=
lled their Intermediate CA
(https://knowledge.verisign.com/support/ssl-c=
ertificates-support/index?page=3Dcontent&id=3DAR193)

My virtualh=
ost configuration is as follows:

  SSLEngine on
 &=
nbsp;SSLCertificateFile /etc/apache2/public.crt
  SSLCertifica=
teKeyFile /etc/apache2/private.key
  SSLCACertificateFile /etc=
/apache2/interm.crt

I am getting this error when trying to start Apa=
che:

[Mon Jul 27 16:05:07 2009] [error] Init: Unable to read server<=
br>certificate from file /etc/apache2/secure.canadaeast.com.public.crt
[=
Mon Jul 27 16:05:07 2009] [error] SSL Library Error: 218529960
error:0D0=
680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jul 27 16:05=
:07 2009] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encod=
ing routines:ASN1_ITEM_EX_D2I:nested asn1
error

Any thoughts, bec=
ause I am at a loss and am not interested in wait on
how 35 minutes to s=
peak to their support people.

Thanks!
___________________________=
___________________________________________
Apache Interface to OpenSSL =
(mod_ssl)                   ww=
w.modssl.org
User Support Mailing List          =
;            modssl-users@modssl.org
Autom=
ated List Manager                 &=
nbsp;          majordomo@modssl.org
y>
------=_Part_298706_1381593665.1248723649973--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org