R
R
resident2013-01-23 02:03:41
Apache HTTP Server
resident, 2013-01-23 02:03:41

How to set up https in Apache with your own certificate for the domain?

I bought an SSL certificate for a domain and I can't configure https in Apache. Gives an error:

[Wed Jan 23 01:56:42 2013] [error] Init: Private key not found
[Wed Jan 23 01:56:42 2013] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines: ASN1_CHECK_TLEN:wrong tag
[Wed Jan 23 01:56:42 2013] [error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Wed Jan 23 01:56:42 2013] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Jan 23 01:56:42 2013] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Wed Jan 23 01:56:42 2013] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Wed Jan 23 01:56:42 2013] [error] SSL Library Error: 218529960 error :0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Jan 23 01:56:42 2013] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

There are 4 certificate files:

AddTrustExternalCARoot .crt
key.txt
domaine_com.crt
PositiveSSLCA2.crt

They are all text files in the format:

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

As soon as I have not tried to configure it, it always gives the same error. I have no idea how to set it up, please help.

Answer the question

In order to leave comments, you need to log in

3 answer(s)
N
nochkin, 2013-01-23
@nochkin

It would be useful to indicate how they are registered in the configs, so that you can see what is wrong.

M
merlin-vrn, 2013-01-23
@merlin-vrn

It says : private key not found
Is it key.txt? The Apache has the right to what to address on reading? Is the key itself in the correct format (PEM)?
It is also useful to manually look at each certificate with the command openssl x509 -in domaine_com.crt -noout -text

M
merlin-vrn, 2013-01-24
@merlin-vrn

These are all certificates in PEM format.
What is between BEGIN CERTIFICATE and END CERTIFICATE, in principle, is not secret information - there is a public key, information about it and signatures of a certification authority confirming this public key and additional information. This information can be analyzed with the command openssl x509 -in domaine_com.crt -noout -text
The system is such that several objects can be collected in one file, then they will go one after the other, in turn: one ended, END CERTIFICATE, then the next BEGIN immediately begins anything. You can also connect the certificate to the private key.
No file has a line like -----BEGIN RSA PRIVATE KEY-----, perhaps not at the beginning of the file? Then there is no private key. Without it, it's obviously pointless to try to do anything.
If found, take everything from ----BEGIN… PRIVATE KEY---- (including this line) to ----END… PRIVATE KEY---- (including). copy to a separate file. This file must be specified to Apache in the SSLCertificateKeyFile directive

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question