dsgvwf

asked on

Update Verisign Certificate now Apache won't start

Our Verisign Certificate has expired, so I renewed it. I have copied the public.crt that Verisign generated to the directory and filename that is indicated in my httpd.conf, along with the private key (vsprivate.key) and the intermediate CAs. Now when I try to start Apache I am getting the following in the log:

[Mon May 09 08:30:07 2011] Init: Unable to read server certificate from file /etc/verisign/public.crt
[Mon May 09 08:30:07 2011] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon May 09 08:30:07 2011] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

We are running Apache 2.2.4 and mod_ssl.

The previous certificate had been working fine. I can copy my files from the expired certificate and Apache starts correctly, but when I try to access the secured pages via https I get a certificate expired warning.

One more item that may be pertinent is that the old Certificate had a key bit size of 1024 and the new one has 2048.
ASKER CERTIFIED SOLUTION
JAN PAKULA

dsgvwf

ASKER

It seems that I needed to remove the password from the private key, using:

openssl rsa -in <private.key> -out <newprivate.key>

For security, the new file should be marked as only readable by root.
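
The two conditions named in the post above (no passphrase on the private key, key file not readable by group or others) can be checked before restarting Apache. This is an added example, not part of the original thread; the function names are hypothetical and the check only inspects PEM headers and the file mode, it does not parse the key.

```shell
#!/bin/sh
# Pre-flight checks for a PEM private key before pointing Apache at it.
# Added example: function names are hypothetical, not from the thread.

# key_is_encrypted FILE -> exit 0 if the PEM key is passphrase-protected.
key_is_encrypted() {
    # Traditional encrypted keys ("BEGIN RSA PRIVATE KEY") carry a
    # "Proc-Type: 4,ENCRYPTED" header; encrypted PKCS#8 keys use their
    # own BEGIN line instead.
    grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# key_is_private_to_owner FILE -> exit 0 if group and other have no access.
key_is_private_to_owner() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_key FILE -> prints one status word; returns 0 only for "ok".
check_key() {
    if [ ! -r "$1" ]; then echo "unreadable"; return 3; fi
    if key_is_encrypted "$1"; then echo "encrypted"; return 1; fi
    if ! key_is_private_to_owner "$1"; then echo "too-permissive"; return 2; fi
    echo "ok"
}
```

A result of `too-permissive` is cleared with `chmod 600` on the key file, with the file owned by root as the post recommends.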