httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From HATJIEVGENIADU AMALIA <a.hatjievgeni...@abcol.ac.uk>
Subject [users@httpd] SSL problem with Apache2.0.47 on Solaris 9
Date Tue, 02 Sep 2003 16:06:34 GMT
Has anyone come across this (?):

	Installed Apache2.0.47 on a Solaris9 server, with openldap2.1.22 and
openssl0.9.7b.
	Configured Apache as follows
	./configure -with-layout=Solaris -disable-slapd -enable-static
-enable-shared
	make
	make install
	./configure -with-ldap -enable-ldap -enable-auth_ldap -with-ssl
-enable-ssl -enable-rewrite
	make
	make install
	LDAP authentication works, I have configured virtual hosts and am
trying to obtain an SSL certificate in order to activate SSL. This proves
difficult, although I did get it to work with no problem when my UNIX server
was still Solaris 8.
	Following the directions in
<http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html> I produced an RSA
private key and used this to create a CSR file, i.e.
	openssl genrsa -des3 -out server.key 1024
	openssl req -new -key server.key -out server.csr
	Then I create my own CA to sign the CSR, producing first a private
key for the CA and then a self-signed CA certificate, i.e.
	openssl genrsa -des3 -out ca.key 1024
	openssl req -new -x509 -days 365 -key ca.key -out ca.crt
	When I put the server.csr through the sign.sh script (from the
pkg.contrib. directory of the mod_ssl distribution), I get this error
message:
	
----------------------------------------------------------------------------
--------------------------------------
	# ./sign.sh server.csr
	CA signing: server.csr -> server.crt:
	Using configuration from ca.config
	Enter PEM pass phrase:
	Check that the request matches the signature
	Signature did not match the certificate request
	CA verifying: server.crt <-> CA cert
	server.crt: unable to load certificate file
	19518:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:666:Expec
	ting: CERTIFICATE
	
----------------------------------------------------------------------------
--------------------------------------

	If I try to submit the server.csr file to a commercial CA (Thawte),
I get an error message as well:
	
----------------------------------------------------------------------------
-------------------------------------
	Form Processing Error!

	 An error occurred while we were processing your form. Usually this
means that
	 one of the values you submitted in your form was invalid, or you
did not put a
	 value in a required field. Please check the error message below,
and then review
	 your submission.
	 The actual error given was:
	 Your CSR is not self-signed.

	 Thanks,

	 The thawte team
	 Thawte Digital Certificates 
	
----------------------------------------------------------------------------
---------------------------------------

	Reported the error to Thawte but got nowhere with it.

	Your thoughts on this will be much appreciated.
	Regards
	Amalia

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message