SLCertificateFile points already the certificate:
SSLCertificateFile conf/ssl.crt
SSLCertificateKeyFile conf/ssl.key
The doc says the directive can be used multiple times.
So I added : SSLCertificateFile conf/sub.class2.server.ca.cer
But then Apache does not start:
[Tue Mar 11 23:03:56.812199 2014] [ssl:emerg] [pid 4356:tid 468]
AH02577: Init: SSLPassPhraseDialog builtin is not supported on Win32
(key file D:/servers/apacheS/conf/sub.class2.server.ca.cer)
[Tue Mar 11 23:03:56.812199 2014] [ssl:emerg] [pid 4356:tid 468]
AH02312: Fatal error initialising mod_ssl, exiting.
[Tue Mar 11 23:03:56.812199 2014] [ssl:emerg] [pid 4356:tid 468]
AH02564: Failed to configure encrypted (?) private key
www.land10web.com:443:1, check
D:/servers/apacheS/conf/sub.class2.server.ca.cer
[Tue Mar 11 23:03:56.813199 2014] [ssl:emerg] [pid 4356:tid 468] SSL
Library Error: error:0D0680A8:asn1 encoding
routines:ASN1_CHECK_TLEN:wrong tag
[Tue Mar 11 23:03:56.813199 2014] [ssl:emerg] [pid 4356:tid 468] SSL
Library Error: error:0D08303A:asn1 encoding
routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Tue Mar 11 23:03:56.813199 2014] [ssl:emerg] [pid 4356:tid 468] SSL
Library Error: error:0D0680A8:asn1 encoding
routines:ASN1_CHECK_TLEN:wrong tag
[Tue Mar 11 23:03:56.813199 2014] [ssl:emerg] [pid 4356:tid 468] SSL
Library Error: error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Tue Mar 11 23:03:56.813199 2014] [ssl:emerg] [pid 4356:tid 468] SSL
Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
...
So I leave it now with SSLCACertificateFile
conf/sub.class2.server.ca.cer , which looks working fine.
On Tuesday 11/03/2014 at 22:53, Falco Schwarz wrote:
On 11 Mar 2014, at 22:43, Steffen <i...@apachelounge.com> wrote:
Builds fine on VC11 Win32, other flavors I try tomorrow
Till now it runs fine, but get the following (run OpenSSL 1.0.1f):
AH02559: The SSLCertificateChainFile directive
(D:/servers/apacheS/conf/extra/httpd-ssl.conf:55) is deprecated,
SSLCertificateFile should be used instead
In the change log it is mentioned. By instruction of my certificate
Certification Authority in conf:
SSLCertificateChainFile conf/sub.class2.server.ca.cer
SSLCACertificateFile conf/ca.cer
Changed to:
SSLCACertificateFile conf/sub.class2.server.ca.cer
and as expected the warning is gone.
Not sure if it has any consequences ?
Instead of using SSLCACertificateFile, try using only
SSLCertificateFile, as described here:
http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile