Lin Geng wrote:
>
> Did yuo check the format of the certificate and the key file? Apache uses
> PEM.
This may sound daft, but I had a similar problem with a key
sent from BT Trustwise (they are a Verisign partner in the
UK). The problem was a blank line between the last line of
the key, and the "end of certificate" line.
So my DC was supplied like this:
-----BEGIN CERTIFICATE-----
.
.
.
jasdf98y4f4fj9J89weSfjor
-----END CERTIFICATE-----
So I removed the last blank ine as below, and voila!
-----BEGIN CERTIFICATE-----
.
.
.
jasdf98y4f4fj9J89weSfjor
-----END CERTIFICATE-----
>
> -----Original Message-----
> From: Brian Pollock <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Sunday, May 09, 1999 5:23 PM
> Subject: Problem getting Verisign Cert to work
>
> >Hi
> >
> >I have seen my exact problem in the archives, but I could never find out
> >what the solution was to the problem. I am setting up an Apache
> >webserver using mod_ssl/openssl. I have been using the test certificate
> >just fine, but now I have my real certificate from Verisign. When I
> >setup my httpd.conf to point at the key file and new cert file the
> >server starts just fine propmting me for my key password, but when I
> >connect via https I get these errors in my logs:
> >
> >[09/May/1999 14:17:41] [error] Unable to configure server private key
> >for connection (OpenSSL library error follows)
> >[09/May/1999 14:17:41] [error] OpenSSL: error:14080074:SSL
> >routines:SSL3_ACCEPT:bad protocol version number
> >
> >So, per the message I found in the archive I did the following, results
> >follow.
> >
> >openssl s_server -ssl3 -bugs -key ssl.key/xxx.key -cert ssl.crt/xxx.crt
> >Using default temp DH parameters
> >Enter PEM pass phrase:
> >unable to get private key from 'ssl.key/xxx.key'
> >5099:error:14080074:SSL routines:SSL3_ACCEPT:bad protocol version
> >number:x509_cmp.c:286:
> >
> >Server info: Red Hat 5.2, Apache/1.3.6, openssl-0.9.2b,
> >mod_ssl-2.2.8-1.3.6
> >
> >
> >Any help would be greatly appreciated.
> >
> >
> >Thanks!
> >Brian
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> >User Support Mailing List [EMAIL PROTECTED]
> >Automated List Manager [EMAIL PROTECTED]
> >
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
