Re: [VOTE] Release Apache httpd 2.4.8 as GA

Tue, 11 Mar 2014 15:21:06 -0700 


SLCertificateFile points already the certificate:

SSLCertificateFile conf/ssl.crt
SSLCertificateKeyFile conf/ssl.key

The doc says the directive can be used multiple times.
So I added :  SSLCertificateFile conf/sub.class2.server.ca.cer

But then Apache does not start:
[Tue Mar 11 23:03:56.812199 2014] [ssl:emerg] [pid 4356:tid 468] AH02577: Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file D:/servers/apacheS/conf/sub.class2.server.ca.cer) [Tue Mar 11 23:03:56.812199 2014] [ssl:emerg] [pid 4356:tid 468] AH02312: Fatal error initialising mod_ssl, exiting. [Tue Mar 11 23:03:56.812199 2014] [ssl:emerg] [pid 4356:tid 468] AH02564: Failed to configure encrypted (?) private key www.land10web.com:443:1, check D:/servers/apacheS/conf/sub.class2.server.ca.cer [Tue Mar 11 23:03:56.813199 2014] [ssl:emerg] [pid 4356:tid 468] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Tue Mar 11 23:03:56.813199 2014] [ssl:emerg] [pid 4356:tid 468] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error [Tue Mar 11 23:03:56.813199 2014] [ssl:emerg] [pid 4356:tid 468] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Tue Mar 11 23:03:56.813199 2014] [ssl:emerg] [pid 4356:tid 468] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA) [Tue Mar 11 23:03:56.813199 2014] [ssl:emerg] [pid 4356:tid 468] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib 
...
So I leave it now with SSLCACertificateFile conf/sub.class2.server.ca.cer , which looks working fine. 



On Tuesday 11/03/2014 at 22:53, Falco Schwarz  wrote:




On 11 Mar 2014, at 22:43, Steffen <i...@apachelounge.com> wrote:




Builds  fine on  VC11 Win32, other flavors I try tomorrow

Till now it runs fine, but get the following (run OpenSSL 1.0.1f):
AH02559: The SSLCertificateChainFile directive (D:/servers/apacheS/conf/extra/httpd-ssl.conf:55) is deprecated, SSLCertificateFile should be used instead
In the change log it is mentioned. By instruction of my certificate Certification Authority in conf: 

SSLCertificateChainFile conf/sub.class2.server.ca.cer
SSLCACertificateFile conf/ca.cer

Changed to:
SSLCACertificateFile conf/sub.class2.server.ca.cer

and as expected the warning is gone.

Not sure if it has any consequences ?


Instead of using SSLCACertificateFile, try using only
SSLCertificateFile, as described here:
http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile

Reply via email to