I'm trying to build Apache+mod_ssl+mod_perl with the latest and greatest
versions: apache_1.3.9, mod_ssl-2.4.6-1.3.9, mm-1.0.12, mod_perl-1.21 and
perl-5.005_03; gcc is version 2.8.1 on HP-UX 10.20.
Plain-old Apache runs OK, mod_perl passes the `make test` and a few other
homebrew tests, but the whole thing won't work if I try SSL (`apachectl
startssl` as opposed to `apachectl start`).
Since I'm building this to upgrade an existing production server, I grabbed the
existing key and Verisign cert from the production machine, copied them over to
my development machine, and installed them in the exact same way I did for
production:
cd /opt/apache/conf/ssl.crt/
cp /path/to/server.crt /path/to/server.key .
chmod 550 server.crt server.key
chown httpd:httpd server.crt server.key
make
My httpd.conf says:
SSLCertificateFile /opt/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /opt/apache/conf/ssl.key/server.key
Then I try to run Apache:
/opt/apache/bin/apachectl startssl
And get and error:
Apache:mod_ssl:Error: Private key not found.
**Stopped
/opt/apache/bin/apachectl startssl: httpd could not be started
error_log says:
mod_ssl: Init: Private key not found (OpenSSL library error follows)
OpenSSL: error:0D09B08F:asn1 encoding routines:d2i_PrivateKey:unknown
public key type
Huh?
I'm using the same OpenSSL libraries as the production server (OpenSSL 0.9.3a
29 May 1999), and the old Apache-1.3.6+mod_ssl-2.3.9 has no problem with the
same key+cert pair using this library.
Am I overlooking something obvious? Maybe I have to re-encode the key or cert?
Any help would be greatly appreciated and would justly deserve a beer on me
whenever you come over to Mexico City.
TIA... Marco Zamora
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
