Posted At : September 18, 2006 10:43 PM
2 Comments
I've just spent the last few hours of my life trying to configure an SSL certificate for a web server with apache and mod_ssl - which is something that I've done plenty of times before.
The 1st issue with SSL and apache is that there is no way to test the config before you stop the server - and if it is wrong then the server doesn't restart - which makes for a nice outage as you revert your config files.
The problem I had was:
Which from searching on google is not uncommon. However while there were lots of people in the same boat there were not any solutions.
After a bit of searching around I found the openssl documentation which told me how to check a key to see if it was corrupt or not
The following snippets of code allow you to check certs and private keys generated for use with mod_ssl:
If they throw an error then they are messed up but if the output lots of useful (to someone) info then they are good to go.
When I ran the output on these particular certs they barfed, but what I noticed when looking at the cert with 'less' was that there were lots of ^M's in the source code. This is a Macintosh end of line character and was the key to what was wrong.
The certs were cut and pasted from a web browser on a Mac to a text file - and the mod_ssl code doesn't like that. I copied and pasted again on my trusty Ubuntu Linux box and hey presto - certs that work a treat.
Hope this helps someone.
Cheers, Mark
2 Comments
Mate your a bloody legend! Hours of filtering through crap, pulling out my hair and problem solved. Thanks
BTW. Im using windows. I indeed was copying the crt from a web browser.
I opened the email containing the crt in thunderbird and then copied the text. tested all fine.
Works like it should. Thanks a million for posting.
Hi Dan, You're very welcome - glad you got it sorted and thank for the comment.
Cheers,
Mark