Topic: Apache 2 and Mod_SSL, Install Certificate |
luckybob
Joined: 08 Feb 2007 Posts: 3
|
Posted: Thu 08 Feb '07 22:48 Post subject: Apache 2 and Mod_SSL, Install Certificate |
|
|
I am trying to install a certificate from Comodo.com, but I am running into a few issues. My site is up and running with the temp certificate, and it works fine. Whenever I try and add the certificate I got from Comodo, I get the following error:
Code: | [Wed Feb 07 17:28:28 2007] [warn] RSA server certificate CommonName (CN) `kposhop.com' does NOT match server name!?
[Wed Feb 07 17:28:28 2007] [error] Unable to configure RSA server private key
[Wed Feb 07 17:28:28 2007] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
|
Here is the SSL portion of the apache config:
Code: | SSLCertificateFile conf/ssl.crt/kposhop/kposhop_com.ca-bundle
SSLCertificateFile conf/ssl.crt/kposhop/kposhop_com.crt
SSLCertificateKeyFile conf/ssl.crt/kposhop/private.key
|
kposhop_com.ca-bundle and kposhop_com.crt were provided by comodo.com. The private key I made with openssl. When I remove the private.key file, or comment it out, I get the following error:
Code: | [Mon Feb 05 17:29:38 2007] [error] Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file D:/Program Files/xampp/apache/conf/ssl.key/kposhop_com.ca-bundle)
[Mon Feb 05 17:33:17 2007] [error] Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file D:/Program Files/xampp/apache/conf/ssl.crt/kposhop_com.crt) |
Can anyone help me with getting the certificates installed and working? I would greatly appreciate any help.
Server Details
*Windows 2003 Server RC2
*Apache 2.2.3 and mod_ssl 2.2.3
*openssl 0.9.8d
*PHP 5.1.6
If you need more information, just let me know.
Luckybob
EDIT: Pasted the wrong error code from the apache log file.
Last edited by luckybob on Fri 09 Feb '07 0:14; edited 1 time in total |
VoodooMill
Joined: 11 Jan 2007 Posts: 60
|
Posted: Thu 08 Feb '07 23:43 Post subject: |
|
|
Hi luckybob,
I recently ran into this issue myself.
The key file needs to be unencrypted. At the command line:
>> openssl rsa -in your_current_key_file.key -out new_key_file.key
Then replace the key file Apache is looking for with the new key file you generated. |
luckybob
Joined: 08 Feb 2007 Posts: 3
|
Posted: Fri 09 Feb '07 0:13 Post subject: |
|
|
I do appreciate the speedy response, but that does not solve the current issue. When I get the error that the key file is encrypted, I am only using the crt file and the ca-bundle file. I was not issued a key. When creating the key through openssl myself, I get this error:
Code: | [Wed Feb 07 17:28:28 2007] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch |
This is with an unencrypted key. |
luckybob
Joined: 08 Feb 2007 Posts: 3
|
Posted: Tue 13 Feb '07 1:13 Post subject: |
|
|
Anyone else have any ideas? |
pips
Joined: 03 May 2006 Posts: 65 Location: Manchester, UK
|
Posted: Tue 13 Feb '07 2:27 Post subject: |
|
|
Sorry Bob, not sure about this one.....
I've created my own keys using the instructions in my install pdf, but I struggled initially when learning about how to set one up, as there seemed to be little knowledge about how to create them. I eventually managed to work it all out using information taken from several places.
The link to the topic with the instructions is: http://www.apachelounge.com/viewtopic.php?t=1372
Cheers,
Phil. |
VoodooMill
Joined: 11 Jan 2007 Posts: 60
|
Posted: Tue 13 Feb '07 19:30 Post subject: |
|
|
luckybob,
Perhaps reviewing your certificate request process would help.
I do the following:
1) Generate a key:
openssl genrsa -des3 -out sslcert.key 1024
2) Generate certificate request:
openssl req -new -key sslcert.key -out sslcert.csr
3) Place request for the certificate with chosen signing company.
4) Place returned certificate and key generated in step 1 in a folder and point Apache to them. |
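
Added example, not part of the thread: the "key values mismatch" error quoted above is what mod_ssl logs when the file given to SSLCertificateKeyFile does not hold the private key whose public half is in the certificate. The script below compares the public key carried by a key, a CSR and a certificate; every file name is constructed for the demo, and a throwaway self-signed certificate stands in for the CA-issued one.

```shell
#!/bin/sh
# Added example: check that key, CSR and certificate share one public key.
# All paths are constructed demo files in a temp dir (assumption, not from the thread).

# Print the PEM public key contained in FILE of TYPE (key|csr|cert).
pubkey_of() (
  case "$1" in
    # -passin pass: makes an encrypted key fail instead of prompting
    key)  pem=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) ;;
    csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)    exit 2 ;;
  esac
  [ -n "$pem" ] || exit 1      # unreadable, wrong file type, or encrypted key
  printf '%s\n' "$pem"
)

# same_pubkey TYPE1 FILE1 TYPE2 FILE2 -> 0 match, 1 mismatch, 2 unreadable input
same_pubkey() (
  a=$(pubkey_of "$1" "$2") || { echo "cannot read $2 as $1" >&2; exit 2; }
  b=$(pubkey_of "$3" "$4") || { echo "cannot read $4 as $3" >&2; exit 2; }
  [ "$a" = "$b" ]
)

# Constructed sample files: the key that produced the CSR, the resulting
# certificate, and a second key generated afterwards (the failing case).
demo_dir=$(mktemp -d)
make_demo_files() {
  openssl genrsa -out "$demo_dir/site.key" 2048 2>/dev/null
  openssl req -new -key "$demo_dir/site.key" -subj "/CN=example.test" \
    -out "$demo_dir/site.csr" 2>/dev/null
  openssl x509 -req -in "$demo_dir/site.csr" -signkey "$demo_dir/site.key" \
    -days 1 -out "$demo_dir/site.crt" 2>/dev/null
  openssl genrsa -out "$demo_dir/later.key" 2048 2>/dev/null
}

make_demo_files
for k in site.key later.key; do
  if same_pubkey key "$demo_dir/$k" cert "$demo_dir/site.crt"; then
    echo "$k matches site.crt"
  else
    echo "$k does NOT match site.crt (mod_ssl: key values mismatch)"
  fi
done
```

A key that fails this comparison cannot be used with the certificate; the certificate only works with the key that was used to create the CSR sent to the signing company.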