Wildcard certificate error

needs needs
needs needs used Ask the Experts™
on
I have a Linux ubuntu  Apache/2.4.7, OpenSSL/1.0.1 Server.

My Wildcard certificate(comodo) is expired. We have a New Wildcard(with Password ) certificate.
 I copied all files from comodo  
certificate.cabundle,
certificate.crt and  
certkey.key to my certificates Folder /etc/apache2/allcertificates/.

Folder allcertificates has root permission :  root:root

i changed lines  under /etc/apache2/sites-enabled/default-ssl.conf

SSLEngine on

SSLCertificateFile               /etc/apache2/allcertificates/certificate.crt
SSLCertificateKeyFile        /etc/apache2/allcertificates/certkey.key
SSLCertificateChainFile    /etc/apache2/allcertificates/certificate.cabundle

when i restart or start Apache2   : /etc/init.d/apache2 restart     ,i got  error  and also certificate Password ask not. must be asking isnt it?

error log Apache:

 [ssl:emerg] [pid 138] AH02204: Init: Pass phrase incorrect for key of mydomain.com:443
 [ssl:emerg] [pid 138] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
 [ssl:emerg] [pid 138] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[ssl:emerg] [pid 138] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[ssl:emerg] [pid 138] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
 [ssl:emerg] [pid 138] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[ssl:emerg] [pid 138] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[ssl:emerg] [pid 138] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[ssl:emerg] [pid 138] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
 [core:warn] [pid 139] AH00098: pid file /var/run/apache2/apache2.pid overwritten -- Unclean shutdown of previous Apache run?

Many thanks for help
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
DevOps Engineer
Distinguished Expert 2018
Commented:
openssl rsa -in [file1.key] -out [file2.key]

Use the above command and remove password from ca bundle file. Then configure the new cert in apache conf.

Author

Commented:
Hi,
its wildcard certificate .our other servers uses too. could be something losess when i change it.?

Thanks

Author

Commented:
I am new here. my other frends configured 2 diffrent places:
/etc/apache2/sites-enabled/Default-ssl.conf

SSLEngine on

SSLCertificateFile               /etc/apache2/allcertificates/certificate.crt
SSLCertificateKeyFile        /etc/apache2/allcertificates/certkey.key
SSLCertificateChainFile    /etc/apache2/allcertificates/certificate.cabundle
and
/etc/apache2/sites-availble/Default-ssl.conf

SSLEngine on

SSLCertificateFile               /etc/apache2/allcertificates/certificate.crt
SSLCertificateKeyFile        /etc/apache2/allcertificates/certkey.key
SSLCertificateChainFile    /etc/apache2/allcertificates/certificate.cabundle

is it correct configurations? or must be only under /etc/apache2/sites-availble/Default-ssl.conf  ?

Author

Commented:
thanks

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial