httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Melanie Pfefer <melanie_pfe...@yahoo.co.uk>
Subject Re: [users@httpd] ssl on apache
Date Thu, 07 May 2009 12:04:05 GMT

Hi

Things went OK now.
I can access apache on the secure port and using a real certificate.

Now, I want to redirect to tomcat that is also on ssl. Tomcat has a self-signed and expired
certificate.

The redirection went OK without certificate warning.

Now my question is:

What’s the point of exporting the tomcat certificate :
keytool -export -alias tomcat -rfc > tomcat.pem

and do c_rehash  /usr/local/apache/conf/ssl ?

I just deleted the tomcat certificate and the linked file (generated by c_rehash) and the
redirection went OK.

Thank you,



--- On Thu, 7/5/09, Krist van Besien <krist.vanbesien@gmail.com> wrote:

> From: Krist van Besien <krist.vanbesien@gmail.com>
> Subject: Re: [users@httpd] ssl on apache
> To: users@httpd.apache.org
> Date: Thursday, 7 May, 2009, 2:30 PM
> On Thu, May 7, 2009 at 11:23 AM,
> Melanie Pfefer
> <melanie_pfefer@yahoo.co.uk>
> wrote:
> >
> > Hi.
> >
> > I am getting this error after I received the
> certificate from the root CA:
> >
> > [error] Init: Unable to read server certificate from
> file /usr/local/apache/conf/ssl/server.crt
> > [error] SSL Library Error: 218529960
> error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
> tag
> > [error] SSL Library Error: 218595386
> error:0D07803A:asn1 encoding
> routines:ASN1_ITEM_EX_D2I:nested asn1 error
> > [error] SSL Library Error: 218640442
> error:0D08303A:asn1 encoding
> routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
> >
> >
> > Is it a problem with the certificate or something I
> should change in httpd.conf?
> >
> > openssl x509 -noout -text -in
> /usr/local/apache/conf/ssl/server.crt
> > unable to load certificate
> > 25764:error:0906D06C:PEM routines:PEM_read_bio:no
> start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE
> >
> > What went wrong and any idea what to fix?
> 
> 
> It might be that there is a problem with the format of the
> certificate.
> 
> Try both:
> openssl x509  -text  -inform DER -in
> /usr/local/apache/conf/ssl/server.crt
> and
> openssl x509  -text  -inform PEM -in
> /usr/local/apache/conf/ssl/server.crt
> 
> If the first works, but the second doesn't you received
> your
> certificate in DER format. (Openssl expects PEM unless you
> tell it
> otherwise)
> 
> You can convert it using:
> openssl x509 -inform DER -outform PEM -in <infile>
> -out  <outfile>
> 
> 
> Krist
> 
> -- 
> krist.vanbesien@gmail.com
> krist@vanbesien.org
> Bremgarten b. Bern, Switzerland
> --
> A: It reverses the normal flow of conversation.
> Q: What's wrong with top-posting?
> A: Top-posting.
> Q: What's the biggest scourge on plain text email
> discussions?
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 


      

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message