[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Update Verisign Certificate now Apache wont start

Posted on 2011-05-09
Medium Priority
Last Modified: 2012-05-11
Our Verisign Certificate has expired, so I renewed it.  I have copied the public.crt that Verisign generated to the directory and filename that is indicated in my httpd.conf, along with the private key (vsprivate.key), and the intermediate CA's.  Now when I try to start Apache I am getting the following in the log:

[Mon May 09 08:30:07 2011] Init: Unable to read server certificate from file /etc/verisign/public.crt
[Mon May 09 08:30:07 2011] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon May 09 08:30:07 2011] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

We are running Apache 2.2.4 and mod_ssl.

The previous certificate had been working fine, I can copy my files from expired certificate and apache starts correctly, but when I try to access the secured pages via https I get a certificate expired warning.

One more item that may be pertinent is that the old Certificate had a key bit size of 1024 and the new one has 2048.
Question by:dsgvwf
LVL 14

Accepted Solution

JAN PAKULA earned 2000 total points
ID: 35720299

Author Closing Comment

ID: 35720644
It seems that I needed to remove the password from the private key, using:

openssl rsa -in <private.key> -out <newprivate.key>

for security the new file should be marked as only readable by root.

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question