Todd Chapman wrote: > Hello, > > I have been trying to get SSL working with Apache2 on a CentOS 4.2 machine. > After installing openssl-1.0.9.8d, I created a .csr and sent that to > www.ipsca.com. I received my certificate the next day and followed the > instructions provided on how to install the cert. After the install, I ran > 'apachectl startssl' and was prompted for the passphrase. I then checked the > running processes and found that httpd was not running. I checked the error > log and found the following: > > [Tue Nov 28 15:24:05 2006] [warn] RSA server certificate CommonName (CN) > `localhost.localdomain' does NOT match server name!? > [Tue Nov 28 15:24:05 2006] [error] Unable to configure RSA server private > key > [Tue Nov 28 15:24:05 2006] [error] SSL Library Error: 185073780 > error:0B080074:x509 certificate routines:X509_check_private_key:key values > mismatch
Well, you certainly did not get a certificate for "localhost.localdomain" from IPSCA, so I guess that the server loads a dummy certificate. The error from openssl seems to indicate that the key does not match the configured certificate, so maybe the server loads the correct key, but the wrong certificate. Make sure that the config entries "SSLCertificateFile" and "SSLCertificateKeyFile" point to the correct files. I hope that helps already otherwise you might need to provide more information (like the SSL-part of your httpd.conf) Regards, Olaf -- Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET Senior Researcher, www.intrusion-lab.net PKI - and IDS - Services [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]