Problem loading crt

on 23.08.2002 22:52:07 by Masen Yaffee

Hi!

I'm trying to get a temporary .crt from Thawte because our primary .crt
just expired (long story – problems with Thawte believing we are who we
say we are). I'm using openssl 0.9.6c to generate a server key which I
paste into Thawte's "Get a test Certificate" interface.

Here's how I created the .key:

/usr/local/ssl/bin/openssl genrsa -des3 -out regform.key 1024

and entered all the onscreen info appropriately (I've done this several
times in the past with success, so I'm pretty sure I'm answering the
questions right). I can read the key file back in with no problem using:

/usr/local/ssl/bin/openssl rsa -noout -text -in regform.key

Then I generate a CSR like this:

openssl req -new -key regform.key -out regform.csr

I copied the contents of the csr exactly (no extra spaces, etc.) and
pasted it into Thawte's interface. I tried all three formats that they
offer: default (they auto select the best format based on the format of
the csr), "standard" format (lowest-common-denominator format is a
BASE64 encoding of an X509 certificate) and "PEM" format. They
immediately give back a certificate which I copy back to its own text
file, "regform.crt". If I try to read the crt with:

/usr/local/openssl/bin/openssl x509 -noout -text -in regform.crt

I get the following error:

unable to load certificate
19300:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expecting: TRUSTED CERTIFICATE

If I try to load the key/crt combo in apache, I get this error:

[Fri Aug 23 12:03:05 2002] [error] mod_ssl: Init: Unable to read server certificate from file /home/regform/cert/regform.crt (OpenSSL library error follows)
[Fri Aug 23 12:03:05 2002] [error] OpenSSL: error:0D09F007:asn1 encoding routines:d2i_X509:expecting an asn1 sequence

There are 5 other key/crts running on this server under different
virtual hosts, so I know that everything is installed right. I found
some references to this error in the mailing list archives, but couldn't
figure out the cause or how to fix. Any help is greatly appreciated!!!

Thanks,
Masen

--
Masen Yaffee
New Directions In Computing
"The Tri-County's First Website Development Company"
805-962-8565 x28      http://www.ndic.com/
Since 1994


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
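
The "no start line" error above means OpenSSL's PEM reader found no `-----BEGIN ...-----` line in the file. The following is an added example, not part of the original post: a Python check that reports how a pasted certificate file is actually encoded and re-wraps headerless data in PEM armor. It goes beyond the post by also telling an X.509 certificate from a PKCS#7 container by the first ASN.1 tag; the function names and the two byte-string stubs are constructed for illustration.

```python
import base64
import re

PEM_BEGIN = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

# Constructed structural stubs (not real certificates):
CERT_STUB = bytes.fromhex("30053003020102")               # SEQUENCE { SEQUENCE { INTEGER 2 } }
PKCS7_STUB = bytes.fromhex("300b06092a864886f70d010702")  # SEQUENCE { OID pkcs7-signedData }

def inner_tag(der):
    """Tag of the first element inside the outer DER SEQUENCE, or None."""
    if len(der) < 3 or der[0] != 0x30:
        return None
    n = der[1]
    off = 2 if n < 0x80 else 2 + (n & 0x7F)   # skip short- or long-form length
    return der[off] if off < len(der) else None

def structure(der):
    # An X.509 Certificate opens with a SEQUENCE (tbsCertificate);
    # a PKCS#7 ContentInfo opens with an OBJECT IDENTIFIER.
    return {0x30: "certificate", 0x06: "pkcs7"}.get(inner_tag(der))

def unarmored(data):
    """Decode headerless base64 text; b'' if it is not clean base64."""
    try:
        return base64.b64decode(b"".join(data.split()), validate=True)
    except ValueError:
        return b""

def classify(data):
    """Return 'pem:<LABEL>', 'base64:<kind>', 'der:<kind>' or 'unknown'."""
    m = PEM_BEGIN.search(data)
    if m:
        return "pem:" + m.group(1).decode("ascii")
    for prefix, blob in (("base64", unarmored(data)), ("der", data)):
        if structure(blob):
            return prefix + ":" + structure(blob)
    return "unknown"

def to_pem(data):
    """Wrap DER or headerless base64 in the PEM armor matching its structure."""
    kind = classify(data)
    if kind.startswith("pem:"):
        return data.decode("ascii")
    if kind == "unknown":
        raise ValueError("not DER or base64-encoded DER")
    label = "PKCS7" if kind.endswith("pkcs7") else "CERTIFICATE"
    der = data if kind.startswith("der:") else unarmored(data)
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"
```

Run `classify(open("regform.crt", "rb").read())` on the saved file; a result of `pem:PKCS7` or `*:pkcs7` is a container that `openssl pkcs7 -print_certs` reads, not `openssl x509`.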