Update Verisign Certificate now Apache wont start
Posted on 2011-05-09
Our Verisign Certificate has expired, so I renewed it. I have copied the public.crt that Verisign generated to the directory and filename that is indicated in my httpd.conf, along with the private key (vsprivate.key), and the intermediate CA's. Now when I try to start Apache I am getting the following in the log:
[Mon May 09 08:30:07 2011] Init: Unable to read server certificate from file /etc/verisign/public.crt
[Mon May 09 08:30:07 2011] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon May 09 08:30:07 2011] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
We are running Apache 2.2.4 and mod_ssl.
The previous certificate had been working fine, I can copy my files from expired certificate and apache starts correctly, but when I try to access the secured pages via https I get a certificate expired warning.
One more item that may be pertinent is that the old Certificate had a key bit size of 1024 and the new one has 2048.