Ralf,
Thanks for your reply. The problem seems, as you've said, to be with
OpenSSL, but I've tried "make certificate" again and it doesn't seem to
help. I'm wondering if the problem may be to do with my install, since I've
only just moved into a dedicated machine and could be considered a "make
newbie". Please forgive my ignorance on this matter.
I would appreciate it if you could look though my installation procedure and
point out any faults to me. This is for RedHat 6.0, with PHP compiled as a
module. Following the advice of others, the docs and the FAQ's, I'm under
the impression that this means configuring and making OpenSSL; configuring
mod_ssl; configuring and making Apache; configuring, making and installing
PHP; and finally configuring and making Apache once more, and then
installing Apache (I was given to believe that with PHP you need to make it
before _and_ after making PHP).
So here's the process I'm taking - I've followed as close to the INSTALL
file as possible. Note that because I'm a European citizen (although the
machine is in the States), I'm using "no-idea" and not using the RSAref
library. I'm also trying to configure Apache with DSO support, and I'm
leaving MM out of the process - at least for the moment - but I would
appreciate your advice on whether or not I should be using it. (I'm not sure
exactly what it is/does? :)
Unzip everything:
$ gzip -d -c apache_1.3.9.tar.gz | tar xvf -
$ gzip -d -c mod_ssl-2.4.9-1.3.9.tar.gz | tar xvf -
$ gzip -d -c openssl-0.9.4.tar.gz | tar xvf -
Configure and make openssl:
$ cd openssl-0.9.4
$ sh config \
$ > no-idea \
$ > -fPIC
$ make
(Should I "make install" at this point, or will SSL_BASE=../openssl-blah do
this?)
Configure mod_ssl:
$ cd ../mod_ssl-2.4.9-1.3.9
$ ./configure \
$ > --with-apache=../apache_1.3.9 \
(Do I not make mod_ssl? It doesn't mention this in the INSTALL file?)
Configure and make Apache (pre-PHP):
$ cd ../apache_1.3.9
$ SSL_BASE=../openssl-0.9.4 \
$ > ./configure \
$ > --with-layout=RedHat \
$ > --enable-module=most \
$ > --enable-module=ssl \
$ > --enable-shared=max \
$ make
$ make certificate
(Or should I leave "make certificate" until I compile Apache again, after
compiling PHP?)
Configure and make PHP:
$ cd ../php-3.0.12
$ ./configure \
$ > --with-apxs=/usr/sbin/apxs \
$ > --with-config-file-path=/etc/httpd/conf
$ > --with-mysql --with-imap --with-gd
$ make
$ make install
Configure and make Apache (post-PHP):
$ cd ../apache_1.3.9
$ SSL_BASE=../openssl-0.9.4 \
$ > ./configure \
$ > --with-layout=RedHat \
$ > --enable-module=most \
$ > --enable-module=ssl \
$ > --enable-shared=max \
$ make
$ make install
While I'm here, I'd just like to say that, in addition to mod_ssl, I have to
thank you for mod_rewrite, a module I use every day when creating dynamic
sites with PHP and MySQL. I'd be lost without it. Now if only I could get
the hang of mod_vhost_alias. :)
Thank you,
adam
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Ralf S. Engelschall
> Sent: 14 December 1999 07:07
> To: [EMAIL PROTECTED]
> Subject: Re: Error: expecting an asn1 sequence
>
>
> On Mon, Dec 13, 1999, adam beecher wrote:
>
> > I'm trying to set up (on RH 6.0) openssl/mod_ssl/apache/php3, all latest
> > (production) versions, with DSO (apxs). Everything seems to be
> configuring,
> > compiling and installing ok, but when I try and start the
> server with SSL, I
> > get the following error:
> >
> > [Mon Dec 13 23:22:26 1999] [error] mod_ssl: Init: Unable to read server
> > certificate from file /etc/httpd/conf/ssl.crt/server.crt
> (OpenSSL library
> > error follows)
> > [Mon Dec 13 23:22:26 1999] [error] OpenSSL: error:0D09F007:asn1 encoding
> > routines:d2i_X509:expecting an asn1 sequence
> >
> > Anyone tell me the stupid mistake I made? Total SSL newbie. :)
>
> Look inside the /etc/httpd/conf/ssl.crt/server.crt file. It has
> to contain
> the certificate of the server in PEM format. Seems like
> something is messed
> up there. Check whether its correct with "openssl x509 -noout -text -in
> /etc/httpd/conf/ssl.crt/server.crt". If this already fails, this
> has nothing
> to do with Apache or mod_ssl, etc. Then OpenSSL already has a
> problem to read
> the contents. If all fails, recreate the file with "make certificate" if
> it was just a test certificate.
> Ralf S. Engelschall
> [EMAIL PROTECTED]
> www.engelschall.com
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
