# Apache Modules MOD_SSL Wiki not correct? Problem with SSL

## heavydwitstyle

Hi guys, I'm a bit new to this so please go easy on me.

I am working on generating some self-signed certificates and converting my test website into an HTTPS (SSL) website.

I followed all the steps in the wiki.. and I successfully generated the four files, "server.key", "server.pem", "server.csr" and "server.crt".

At the end of generating all the items for the certificate.. it says this ...

"As we created a server.pem file which holds the key with the passphrase removed, we need to use this key in Apache instead of the server.key file which still contains a passphrase, causing Apache2 to ask for it at each startup. So in /etc/apache2/modules.d/41_mod_ssl.default-vhost.conf, change the SSLCertificateKeyFile line so that it refers to the .pem, not the .key. It should look somewhat like that : SSLCertificateKeyFile conf/ssl/server.pem"

I did exactly what it said and this is what that part of the config file looks like.. 

```
#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile conf/ssl/server.pem
```

After that I set up HTTPS redirection and then restarted Apache server.. but Apache doesn't start.

It supplies me with this error message in the error_log:

```
[Tue Jun 13 07:51:26 2006] [error] Init: Unable to read server certificate from file /usr/lib64/apache2/conf/ssl/server.pem
[Tue Jun 13 07:51:26 2006] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Jun 13 07:51:26 2006] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
```

Any ideas why Apache won't start even though I've supposedly done everything correctly? Is there something I'm missing?

----------

## mazaryk

You have to specify an absolute path to files, otherwise Apache looks in its bin.

Either specify the full path in the SSLCertificateKeyFile directive, or move the cert files to /usr/lib64/apache2/conf/ssl/. I would suggest specifying the full path.

```
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/apache2/ssl/server.pem
```

Cheers,

----------

## heavydwitstyle

I had the 4 cert files in the specified directory /usr/lib64/apache2/conf/ssl/ before and still didn't work,

should they be somewhere else? or is there something else i'm missing.

Thanks for the response by the way.

----------

## heavydwitstyle

Could anybody help me? I REALLY need to get this going.

I love you guys!

----------

## mazaryk

Here's my working setup:

```
#
#  SSL Virtual Hosts
#
<VirtualHost *:443>
        DocumentRoot /www/default/public
        ServerName www.mazaryk.com
        ServerAlias mazaryk.com *.mazaryk.com
        ServerAdmin <removed>

        # SSL Certs
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/server.crt
        SSLCertificateKeyFile /etc/apache2/ssl/server.key
</VirtualHost>
```

```
# cd /etc/apache2/ssl/
# ls
total 16K
-rw-r--r--  1 root root   0 May 23 04:56 .keep
-rw-------  1 root root 951 May 28 00:14 privkey.pem
-rw-------  1 root root 960 May 28 00:14 server.crt
-rw-------  1 root root 745 May 28 00:14 server.csr
-rw-------  1 root root 887 May 28 00:14 server.key
```

Nowhere in my config do I reference the .pem file. I know the how-to said to, but my working config states otherwise.

Hope that helps,

----------
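The log line in the first post names server.pem as the file mod_ssl tried to read as the server certificate, and the replies turn on where relative paths resolve. The following is an added example, not part of any post in this thread: a small Python check that resolves each SSLCertificateFile / SSLCertificateKeyFile path against ServerRoot and compares the PEM block type found in the file with what the directive loads. The ServerRoot value is inferred from the path in the error log; the file contents, the two sample configs and the `audit`, `pem_labels` and `pem` helpers are constructed for illustration.

```python
import posixpath
import re

# PEM block types each mod_ssl directive is meant to load.
EXPECTED = {
    "SSLCertificateFile": {"CERTIFICATE"},
    "SSLCertificateKeyFile": {"PRIVATE KEY", "RSA PRIVATE KEY", "DSA PRIVATE KEY",
                              "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"},
}

def pem_labels(text):
    """Labels of every PEM block in text, e.g. ['CERTIFICATE']."""
    return re.findall(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", text, re.M)

def audit(conf_text, server_root, files):
    """Return (directive, resolved_path, problem) tuples; files maps path -> contents."""
    findings = []
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) != 2 or parts[0] not in EXPECTED:
            continue
        directive, path = parts
        # A relative path is resolved against ServerRoot.
        full = path if posixpath.isabs(path) else posixpath.join(server_root, path)
        if full not in files:
            findings.append((directive, full, "missing"))
            continue
        text, labels = files[full], pem_labels(files[full])
        if not EXPECTED[directive] & set(labels):
            findings.append((directive, full, "wrong type: " + (", ".join(labels) or "no PEM block")))
        elif "ENCRYPTED PRIVATE KEY" in labels or "Proc-Type: 4,ENCRYPTED" in text:
            findings.append((directive, full, "passphrase-protected key"))
    return findings

def pem(label, headers=""):
    """Constructed PEM text; the body is a placeholder, not real key material."""
    return f"-----BEGIN {label}-----\n{headers}Q09OU1RSVUNURUQ=\n-----END {label}-----\n"

ROOT = "/usr/lib64/apache2"  # assumed ServerRoot, inferred from the path in the error log
FILES = {  # constructed stand-ins for the files named in the thread
    ROOT + "/conf/ssl/server.crt": pem("CERTIFICATE"),
    ROOT + "/conf/ssl/server.pem": pem("RSA PRIVATE KEY"),
    ROOT + "/conf/ssl/server.key": pem("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\n\n"),
}
SWAPPED = "SSLCertificateFile conf/ssl/server.pem\nSSLCertificateKeyFile conf/ssl/server.key\n"
CORRECT = "SSLCertificateFile conf/ssl/server.crt\nSSLCertificateKeyFile conf/ssl/server.pem\n"

if __name__ == "__main__":
    for name, conf in (("swapped", SWAPPED), ("correct", CORRECT)):
        print(name, audit(conf, ROOT, FILES))
```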

## cazze

I get the same sort of errors with WPA-EAP and a wireless connection. Do you have a solution for this?

----------

