Tobia Zanarella's picture

Hello to everybody!

I'd need some help with my freshly installed Turnkey LAMP Appliance.

I need to use the server for just one single website which will need SSL to go (https://www.mywebsite.com).

The problem is that when we ask Linux to generate the CSR by command line, then Apache fails to start. It gives no specific errors, it just refuses to start.

If I do the same from Webmin, everything works fine. The onyl problem is that when we use the CSR to buy the real certificate (GeoTrust) it won't let us buy it because the CSR is not valid (it contains nothing).

Where's the problem? Where do we go wrong?

 

Thank you all,

best regards!

Forum: 
Alon Swartz's picture

I discussed SSL certificates in this blog post, take a look...

Tobia Zanarella's picture

Thank you!

I'll have a look, I'll let you know...

 

Thank you,

best regards!


Tobia Zanarella's picture

Sorry man, but I'm still unable to generate a proper CSR. I mean, if I follow the instructions in the post you mentioned, I can't find any way to make Apache start.

Any idea..?


Jeremy Davis's picture

From memory you'll find it here: /var/log/apache2/error.log

Tobia Zanarella's picture

Maybe these lines can explain what's going on?

 

[Mon Oct 17 13:06:58 2011] [error] Init: Unable to read server certificate from file /etc/ssl/certs/provablueday.pem
[Mon Oct 17 13:06:58 2011] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Oct 17 13:06:58 2011] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Oct 17 13:06:59 2011] [error] Init: Unable to read server certificate from file /etc/ssl/certs/provablueday.pem
[Mon Oct 17 13:06:59 2011] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Oct 17 13:06:59 2011] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Oct 17 13:14:43 2011] [error] Init: Unable to read server certificate from file /etc/ssl/certs/provablueday.pem
[Mon Oct 17 13:14:43 2011] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Oct 17 13:14:43 2011] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Oct 17 13:15:32 2011] [error] Init: Unable to read server certificate from file /etc/ssl/certs/provablueday.pem
[Mon Oct 17 13:15:32 2011] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Oct 17 13:15:32 2011] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Oct 17 13:16:38 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Oct 17 13:16:38 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)


Jeremy Davis's picture

Perhaps this may help?

Tobia Zanarella's picture

Hello!

Thank you, we fixed the issue following again the instructions of your post from a clean new VM.

 

Thanks!


Add new comment