[lug] self-signed apache certs
D. Stimits
stimits at comcast.net
Sun Aug 10 20:57:36 MDT 2003
I'm trying to fix a broken private (in house only) web server ssl. It
died because the cert expired. This is from KRUD 7.3. I tried to
self-sign based on:
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC27
I created
ca.crt
ca.key
server.crt
server.csr
server.key
Some other files are generated as well.
This is running on a machine without any server source code, and lacks
sign.sh, so I used sign.sh from another RH 7.3 (KRUD 7.3) install. It
looks like sign.sh is working, then it dies at the end:
unable to load CA private key
22903:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
decrypt:evp_enc.c:277:
22903:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:451:
CA verifying: server.crt <-> CA cert
server.crt: unable to load certificate file
22904:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:662:Expecting: CERTIFICATE
This web server is non-routable, nobody can see it but me for the most
part. What am I doing wrong that signing fails? I pretty much can't use
any of my web based error logs till I get this fixed.
D. Stimits, stimits AT comcast DOT net
More information about the LUG
mailing list