Update Verisign Certificate now Apache wont start

Posted on 2011-05-09
Last Modified: 2012-05-11
Our Verisign Certificate has expired, so I renewed it.  I have copied the public.crt that Verisign generated to the directory and filename that is indicated in my httpd.conf, along with the private key (vsprivate.key), and the intermediate CA's.  Now when I try to start Apache I am getting the following in the log:

[Mon May 09 08:30:07 2011] Init: Unable to read server certificate from file /etc/verisign/public.crt
[Mon May 09 08:30:07 2011] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon May 09 08:30:07 2011] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

We are running Apache 2.2.4 and mod_ssl.

The previous certificate had been working fine, I can copy my files from expired certificate and apache starts correctly, but when I try to access the secured pages via https I get a certificate expired warning.

One more item that may be pertinent is that the old Certificate had a key bit size of 1024 and the new one has 2048.
Question by:dsgvwf
    LVL 14

    Accepted Solution


    Author Closing Comment

    It seems that I needed to remove the password from the private key, using:

    openssl rsa -in <private.key> -out <newprivate.key>

    for security the new file should be marked as only readable by root.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
    In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now