SSL Certificates for IP based Virtual Hosts - httpd fails to start

Support for webhosts that use CentOS

SSL Certificates for IP based Virtual Hosts - httpd fails to start

Postby videod » 2011/05/27 01:15:01

Background -
I have installled a self signed certificate for a devlopment environment I created on VMWare 2.2. I used the following method:
========================================
Creating your certificate

You will now have everything on your server to create CAs. You need to generate a private key, a csr, a self-signed key, and then you need to copy these files to the correct location. This is done with the following steps.

1. Open up a terminal window.
2. Su to the root user.
3. Generate the private key with the command openssl genrsa -out ca.key 1024.
4. Generate the csr with the command openssl req -new -key ca.key -out ca.csr.
5. Generate the self-signed key with the command openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt.
6. Move the self-signed key with the command cp ca.crt /etc/pki/tls/certs.
7. Move the private key with the command cp ca.key /etc/pki/tls/private/ca.key.
8. Move the csr with the command cp ca.csr /etc/pki/tls/private/ca.csr.

Edit the Apache SSL configuration

Open the file /etc/httpd/conf.d/ssl.conf and look for the section SSLCertificateFile. Make sure that line reads:

SSLCertificateFile /etc/pki/tls/certs/ca.crt

Now look for the SSLCertificateKeyFile and make sure that section reads:

SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Save that file and you are ready to restart Apache.

Restart and test

==================================================
The websties are setup as Vitrual Hosts both IP and Named based.

For some reason when I try to start httpd it fails, but when everything is named based (SSL disabled) httpd works. I looked in the httpd error_log file and noticed the following error and was wondering if anyone can give me a clue. I have chmod all of the cert and key files to 755 and httpd still fails:

[Thu May 26 17:20:41 2011] [error] Init: Unable to read server certificate from file /etc/pki/tls/private/ca.csr
[Thu May 26 17:20:41 2011] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu May 26 17:20:41 2011] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

Thanks in advance.

~Vid
CentOS 5.6
Apache 2.2.3
videod
 
Posts: 8
Joined: 2011/05/26 01:02:12

SSL Certificates for IP based Virtual Hosts - httpd fails to

Postby evarie » 2011/07/21 19:15:13

I have the same problem, but i could not found more information to solve.

I did use this page : http://wiki.centos.org/HowTos/Https

I find out that the problem will be around the virtualhost for https.
evarie
 
Posts: 29
Joined: 2010/11/11 22:47:00

Re: SSL Certificates for IP based Virtual Hosts - httpd fails to start

Postby evarie » 2011/07/21 19:26:12

It is may be a little bit crazy.

But you do not have to put a virtualhost *:443 information in /etc/httpd/conf/httpd.conf
Just disable it with # and you wil see it works.

Then next question is : In which file mus i put virtualhost information?
evarie
 
Posts: 29
Joined: 2010/11/11 22:47:00

Re: SSL Certificates for IP based Virtual Hosts - httpd fails to start

Postby videod » 2011/09/03 04:52:49

Thanks I eventually got it to work!
videod
 
Posts: 8
Joined: 2011/05/26 01:02:12

Re: SSL Certificates for IP based Virtual Hosts - httpd fails to start

Postby dabdalah » 2011/12/27 23:44:01

Hello,

I'm fairly new to Linux and I'm having the same exact problem as you guys, I followed the same steps that you did, but when pointing my web browser to my site I get the following error "501 Not Implemented. The requested method is not implemented by this server. " However, If try accesing my site locally thru my ip address it works! (https://192.#.#.#) Any ideas?? by the way, how did you get your to work??
dabdalah
 
Posts: 2
Joined: 2011/12/27 23:25:02


Return to CentOS 5 - Webhosting Support

Who is online

Users browsing this forum: No registered users and 1 guest