Self signed Apache cert error: asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
6,038
Apache doesn't like PKCS12 format certificates, it expects x509. Use your ksb_cert_rep.pem
file, instead.
Related videos on Youtube
Author by
djangofan
I always pay it forward. I ask questions so I can learn and I try to help others.
Updated on September 18, 2022Comments
-
djangofan over 1 year
Can anyone see where I went wrong on these steps (on Windows XP + Apache 2.2)?
I tried to create my own self signed SSL certificate with my own CA and when its all done my Apache server wont start and my log file says:
[info] Init: Seeding PRNG with 136 bytes of entropy [info] Loading certificate & private key of SSL-aware server [error] Init: Unable to read server certificate from file C:/Apache2.2/conf/thor.mysite.com_cert/ksb_cert_rep.p12 [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error [error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
Here is what I did to create the cert:
openssl req -x509 -out ca_cert.pem -newkey rsa:2048 -keyout ca_priv_key.pem -days 3650 openssl x509 -in ca_cert.pem -text -noout openssl req -out ksb_cert_req.pem -new -keyout ksb_priv_key.pem openssl req -noout -text -verify -in ksb_cert_req.pem openssl x509 -req -in ksb_cert_req.pem -CA ca_cert.pem -CAkey ca_priv_key.pem -CAcreateserial -out ksb_cert_rep.pem -days 3650 openssl pkcs12 -export -in ksb_cert_rep.pem -inkey ksb_priv_key.pem -out ksb_cert_rep.p12 -name "ksb certificate" openssl pkcs12 -info -in ksb_cert_rep.p12 openssl rsa -in ksb_priv_key.pem -out ksb_priv_key_nopass.pem
Also, here is the config in my Apache httpd-ssl.conf file:
SSLCertificateFile "C:/Apache2.2/conf/ksb_cert_rep.p12" SSLCertificateKeyFile "C:/Apache2.2/conf/ksb_priv_key_nopass.pem"
-
djangofan over 12 yearsThanks. I can't believe I didn't notice that.
-
djangofan over 12 yearsI also suspect what while its true that on Windows , Apache expects x509, on linux, this is not the case?
-
ravi yarlagadda over 12 years@djangofan What makes you think that?