Update Verisign Certificate now Apache wont start

Our Verisign Certificate has expired, so I renewed it.  I have copied the public.crt that Verisign generated to the directory and filename that is indicated in my httpd.conf, along with the private key (vsprivate.key), and the intermediate CA's.  Now when I try to start Apache I am getting the following in the log:

[Mon May 09 08:30:07 2011] Init: Unable to read server certificate from file /etc/verisign/public.crt
[Mon May 09 08:30:07 2011] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon May 09 08:30:07 2011] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

We are running Apache 2.2.4 and mod_ssl.

The previous certificate had been working fine, I can copy my files from expired certificate and apache starts correctly, but when I try to access the secured pages via https I get a certificate expired warning.

One more item that may be pertinent is that the old Certificate had a key bit size of 1024 and the new one has 2048.
dsgvwfAsked:
Who is Participating?
 
JAN PAKULAICT Infranstructure ManagerCommented:
0
 
dsgvwfAuthor Commented:
It seems that I needed to remove the password from the private key, using:

openssl rsa -in <private.key> -out <newprivate.key>

for security the new file should be marked as only readable by root.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.