Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: faulty ssl installtion |
|
| Author |
|
luggie
Joined: 14 Aug 2015
Posts: 2
Location: Germany
|
 Posted: Mon 17 Aug '15 12:10 Post subject: faulty ssl installtion |
 |
|
Hi
I've got a site which runs normally without SSL.
(Using Ubuntu 14.04 lte minimal/apache2.4/hostey by hetzner, ssl-certificate via thawte/hetzner)
Thawte check site tells me that theres is somethin wrong with my ssl installtion.
These are my settings:
(virtualhost config file of my site 1234.de)
| Code: | vergrößern
<VirtualHost *:80>
ServerAdmin 1234@5678.de
ServerName 1234.de
ServerAlias www.1234.de
DocumentRoot /var/www/1234.de/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /var/www/1234.de/ssl/public.crt
SSLCertificateKeyFile /var/www/1234.de/ssl/private.key
SSLCertificateChainFile /var/www/1234.de/ssl/intermediate.crt
ServerAdmin 1234@5678.de
ServerName 1234.de
DocumentRoot /var/www/1234.de/public_html
ErrorLog /var/www/1234.de/
</VirtualHost>
</IfModule> |
When I activate the <IfModule> part like here and restart apache it tells me:
| Quote: | | Action 'start' failed. The Apache error log may have more informatio |
Unfortunatly, Errorlog doenst say anything about it.
This is my ports.conf:
| Code: | Listen 80
NameVirtualHost *:80
#<IfModule ssl_module>
# Listen 443
#</IfModule>
<ifModule mod_ssl.c>
NameVirtualHost *:443
Listen 443
</IfModule>
#<IfModule mod_gnutls.c>
# Listen 443
#</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet |
I had to comment mod_gnutls and ssl_mod. Otherwise port 443 would be used twice, my errorlog tells me.
The three ssk key/crt files are there, they are correct and at the correct place.
ssl_mod is installed and running
Thanks, luggie
/edit: got this errorlog now that I edited the path to errorlog in first config
| Code: | [ssl:emerg] [pid 18114] AH02238: Unable to configure RSA server private key
[ssl:emerg] [pid 18114] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
|
|
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Mon 17 Aug '15 16:54 Post subject: |
|
|
The content of your private key is not correct.
it should look like
| Code: |
-----BEGIN RSA PRIVATE KEY-----
MIIJKgIBAAKCAgEAsIkPPvBCkEKvgFBsJc4a+jmByEpHxAD8lcppbZ6uP9tAdEO2
....
PPDYsy5p7Y9leTP8IP4eAA86FDbnOlltGu7CV5FoOUicJnfkm+tMv7STWMYYLw==
-----END RSA PRIVATE KEY-----
|
and the certificate like
| Code: |
-----BEGIN CERTIFICATE-----
MIIHXjCCBkagAwIBAgIHBZAKzPB5LTANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UE
...
5z6/qnuR+OVwLDmrvQpOjOshknwLPpOvjgBAj82h+EpAyurwhUNzcnRVhXx7xs+q
kxrGbM0MgaMU5DeyIwZNYcVm
-----END CERTIFICATE-----
|
|
|
| Back to top |
|
|
|
|
|
|
