Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

nisc wwwxxx, wwwxxx0cm, should producers of software-based services, such as atms, be held liable for economic injuries suffered when their systems fail?, wwwxxx0cm, www.webdp.net, Event 9 IIS log failed to write entry, wwwxxx jeffs, Catastrophic failure Unexpected method call sequence. 0x8000ffff (-2147418113)., ksh lock a file, [unixODBC][Driver Manager]Driver's SQLAllocHandle on SQL_HANDLE_DBC failed

Links

XODOX
Impressum

#1: Issue setting up a Verisign certificate

Posted on 2009-07-27 21:25:53 by Diilb

I have generated a CSR, sent it to Verisign and they sent me back a
cer file that I have renamed to public.crt. As per their support
instructions I installed their Intermediate CA
(https://knowledge.verisign.com/support/ssl-certificates-sup port/index?page=content&id=AR193)

My virtualhost configuration is as follows:

SSLEngine on
SSLCertificateFile /etc/apache2/public.crt
SSLCertificateKeyFile /etc/apache2/private.key
SSLCACertificateFile /etc/apache2/interm.crt

I am getting this error when trying to start Apache:

[Mon Jul 27 16:05:07 2009] [error] Init: Unable to read server
certificate from file /etc/apache2/secure.canadaeast.com.public.crt
[Mon Jul 27 16:05:07 2009] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jul 27 16:05:07 2009] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error

Any thoughts, because I am at a loss and am not interested in wait on
how 35 minutes to speak to their support people.

Thanks!
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Report this message

#2: Re: Issue setting up a Verisign certificate

Posted on 2009-07-27 21:37:59 by Victoriano Giralt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robin escribi=F3:
| My virtualhost configuration is as follows:
|
| SSLEngine on
| SSLCertificateFile /etc/apache2/public.crt
- ------------------------^
| SSLCertificateKeyFile /etc/apache2/private.key
| SSLCACertificateFile /etc/apache2/interm.crt
I think this does not belong here, but I might be wrong.

| [Mon Jul 27 16:05:07 2009] [error] Init: Unable to read server
| certificate from file /etc/apache2/secure.canadaeast.com.public.crt
- -------------------------------^
It seems your Apache is looking for the cert in a different file than you
think.

Probably because there is a different virtual host configuration for the
SSL one.
- --
- ------------------------------------------------------------ -----------=
----
G & S Sistemas de Informacion, S.L. | Tel=E9fono: 9 02 01 44 43
Victoriano Giralt | Land line: +34-952-207-241
Torre de San Telmo, 8 | Mobile: +34-670-332-720
E-29018 Malaga (Spain) | http://www.gssi.es/
- ------------------------------------------------------------ -----------=
----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org

iD8DBQFKbgIWWHlx3l8ZumwRAk81AJ9aINiS57WlUCvEpHLboAsERThPdACf Tp2f
DZnobVXEnFsucQbkMINLcXQ=3D
=3DSRHR
-----END PGP SIGNATURE-----
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Report this message

#3: Re: Issue setting up a Verisign certificate

Posted on 2009-07-27 21:40:49 by Lou Picciano

------=_Part_298706_1381593665.1248723649973
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

Robin,

Be sure Verisign's 'root' certificate is installed in your browser's certificate store - this is probably already done by default.

Then, verify what this is pointing to (from your own log file):
Unable to read server certificate from file /etc/apache2/secure.canadaeast.com.public.crt

Verify that your apache config file doesn't have one of the 'alternate' certificate pointer directives activated. Various configurations 'bundle' certs together in concatenated form, for example.

Be sure also that your VerifyDepth is set appropriately... Looks like a depth of at least 3 levels to me.

----- Original Message -----
From: "Robin" <diilbert.atlantis@gmail.com>
To: modssl-users@modssl.org
Sent: Monday, July 27, 2009 3:25:53 PM GMT -05:00 US/Canada Eastern
Subject: Issue setting up a Verisign certificate

I have generated a CSR, sent it to Verisign and they sent me back a
cer file that I have renamed to public.crt. As per their support
instructions I installed their Intermediate CA
(https://knowledge.verisign.com/support/ssl-certificates-sup port/index?page=content&id=AR193)

My virtualhost configuration is as follows:

SSLEngine on
SSLCertificateFile /etc/apache2/public.crt
SSLCertificateKeyFile /etc/apache2/private.key
SSLCACertificateFile /etc/apache2/interm.crt

I am getting this error when trying to start Apache:

[Mon Jul 27 16:05:07 2009] [error] Init: Unable to read server
certificate from file /etc/apache2/secure.canadaeast.com.public.crt
[Mon Jul 27 16:05:07 2009] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jul 27 16:05:07 2009] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error

Any thoughts, because I am at a loss and am not interested in wait on
how 35 minutes to speak to their support people.

Thanks!
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

------=_Part_298706_1381593665.1248723649973
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><head><style type=3D'text/css'>p { margin: 0; }</style></head><body><=
div style=3D'font-family: Arial; font-size: 12pt; color: #000000'>Robin,<br=
><br>Be sure Verisign's 'root' certificate is installed in your browser's c=
ertificate store - this is probably already done by default.<br><br>Then, v=
erify what this is pointing to (from your own log file): <br>Unable to read=
server certificate from file /etc/apache2/secure.canadaeast.com.public.crt=
<br><br>Verify that your apache config file doesn't have one of the 'altern=
ate' certificate pointer directives activated.&nbsp; Various configurations=
'bundle' certs together in concatenated form, for example.<br><br>Be sure =
also that your VerifyDepth is set appropriately...&nbsp;&nbsp; Looks like a=
depth of at least 3 levels to me.<br><br>----- Original Message -----<br>F=
rom: "Robin" &lt;diilbert.atlantis@gmail.com&gt;<br>To: modssl-users@modssl=
..org<br>Sent: Monday, July 27, 2009 3:25:53 PM GMT -05:00 US/Canada Eastern=
<br>Subject: Issue setting up a Verisign certificate<br><br>I have generate=
d a CSR, sent it to Verisign and they sent me back a<br>cer file that I hav=
e renamed to public.crt. &nbsp;As per their support<br>instructions I insta=
lled their Intermediate CA<br>(https://knowledge.verisign.com/support/ssl-c=
ertificates-support/index?page=3Dcontent&amp;id=3DAR193)<br><br>My virtualh=
ost configuration is as follows:<br><br>&nbsp;&nbsp;SSLEngine on<br>&nbsp;&=
nbsp;SSLCertificateFile /etc/apache2/public.crt<br>&nbsp;&nbsp;SSLCertifica=
teKeyFile /etc/apache2/private.key<br>&nbsp;&nbsp;SSLCACertificateFile /etc=
/apache2/interm.crt<br><br>I am getting this error when trying to start Apa=
che:<br><br>[Mon Jul 27 16:05:07 2009] [error] Init: Unable to read server<=
br>certificate from file /etc/apache2/secure.canadaeast.com.public.crt<br>[=
Mon Jul 27 16:05:07 2009] [error] SSL Library Error: 218529960<br>error:0D0=
680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag<br>[Mon Jul 27 16:05=
:07 2009] [error] SSL Library Error: 218595386<br>error:0D07803A:asn1 encod=
ing routines:ASN1_ITEM_EX_D2I:nested asn1<br>error<br><br>Any thoughts, bec=
ause I am at a loss and am not interested in wait on<br>how 35 minutes to s=
peak to their support people.<br><br>Thanks!<br>___________________________=
___________________________________________<br>Apache Interface to OpenSSL =
(mod_ssl) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ww=
w.modssl.org<br>User Support Mailing List &nbsp; &nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;modssl-users@modssl.org<br>Autom=
ated List Manager &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &=
nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;majordomo@modssl.org<br></div></bod=
y></html>
------=_Part_298706_1381593665.1248723649973--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Report this message