Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[solved]Unable to install new SSL certificate for Apache
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
roarkh
Tux's lil' helper
Tux's lil' helper


Joined: 24 May 2003
Posts: 90
Location: Bellingham, Washington

PostPosted: Tue Jul 21, 2015 7:04 pm    Post subject: [solved]Unable to install new SSL certificate for Apache Reply with quote

Hi everyone,

I have a Gentoo server running Apache2 with a working GoDaddy SSL certificate that is about to expire next week. Instead of trying to renew the certificate I decided I would just purchase a new certificate and set that up using the documentation I made when I set up the original certificate.

I ran the following command to create the certificate signing request (I have replaced our actual domain name with 'mydomain')...

Code:
openssl req -new -newkey rsa:2048 -nodes -keyout webservices.mydomain.org.key -out webservices.mydomain.org.csr


I answered all of the questions the same as before and webservices.mydomain.org.csr was created which I supplied to GoDaddy and the new certificate was generated which I downloaded.

Then, I placed the new .crt file I received from GoDaddy into /etc/ssl/apache2, and replaced the gd_bundle-g2-g1.crt and webservices.mydomain.org.key files in there as well with the new ones. After that I edited /etc/apache2/vhosts.d/00_default_ssl_vhost.conf, the only file name that changed was the file pointing to the new certificate so I went ahead and updated that but after doing so Apache will not restart, I am presented with the following errors in the ssl error log file...

Code:
[Tue Jul 21 11:27:11 2015] [error] Init: Private key not found
[Tue Jul 21 11:27:11 2015] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Jul 21 11:27:11 2015] [error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Tue Jul 21 11:27:11 2015] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Jul 21 11:27:11 2015] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Tue Jul 21 11:27:11 2015] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Tue Jul 21 11:27:11 2015] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Jul 21 11:27:11 2015] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error


The first error says "Private key not found" but I am positive that the configuration file is pointing to the right file.

Can anyone tell me what I might be doing wrong here? I would really appreciate any guidance as I am really stumped. I will admit this is the first time I have tried replacing an existing certificate with a new one in Gentoo so perhaps that has something to do with my confusion.


Last edited by roarkh on Tue Jul 21, 2015 7:59 pm; edited 1 time in total
Back to top
View user's profile Send private message
roarkh
Tux's lil' helper
Tux's lil' helper


Joined: 24 May 2003
Posts: 90
Location: Bellingham, Washington

PostPosted: Tue Jul 21, 2015 7:58 pm    Post subject: Reply with quote

I decided to just start over with another new certificate request and this time Apache restarted and recognized the new certificate just fine. I must have made a mistake somewhere the first time but am not sure what I did wrong. In any case this is solved now.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum