Re: Problems w/ VeriSign certificate

Wed, 12 Jul 2000 23:57:14 -0700

Title: Re: Problems w/ VeriSign certificate

This problem has been solved.  It is unclear exactly where the problem lies, but somewhere along the line the certificate file's control characters (Line breaks, etc.) were being modified into a format that was not readable.  Editing the file on the Linux server to restore proper line breaks took care of the issue.  I still find it odd that I have never had this problem when transferring any other files via this exact same method, only the certificate file.  But at this point, I'm just happy it works and I can go about my business.  Thanks for any help.

Doug Taylor
Enabled Sites

*****

Original Message Follows
------------------------

Note:  I am using mod_ssl version 2.6.4-1.3.12, OpenSSL version 0.9.4, and Apache version 1.3.12.

Here is my situation:

I create a key pair (.key and .crt files) and update Apache's config file to look for them.
No problem, Apache works, SSL works, all is well.

I then use my .key file to create a .csr file and send it off to VeriSign.  They send me back a file, which I install in place of the .crt file.  Apache now will not start w/ SSL.

So I take a look at my original .crt file using the following command:
openssl x509 -noout -text -in /path/to/my/certificate.crt

And it outputs a list of information about the certificate.  No problem.  All is working well.

Then I attempt the same command with my new .crt file (the one from VeriSign), and get the following output:

unable to load certificate
26265:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:610:

I have tried resolving this with VeriSign to no end.  All they will say to me is "There isn't much documentation for Apache.  So we can't help you.  Please go look on your own at the Apache/mod_ssl/OpenSSL documentation".  I have looked over the docs again and again, and still can find no explanation of what might be causing this problem.  Everything I see says that all I should have to do at this point is replace the .crt file that I created on my own with the one they signed and sent to me.  So it almost seems like they're sending me a bad file, but I've tried it 3 times with them (using a different key each time) and all efforts have come to the same result.

Any help appreciated, I don't really know where else to look...

Doug Taylor
Enabled Sites

Reply via email to