Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
249 views
in Technique by (71.8m points)

Problems with SSL on Apache2

I have an SSL certificate (a .crt file) which I got from my host. It contains two sections, both starting with -----BEGIN CERTIFICATE-----. I have split this file into cert.crt and intcert.crt (simply assuming that the second part is the intermediate certificate).

In the SSL config for Apache2 I have:

    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on

    #   A self-signed (snakeoil) certificate can be created by installing
    #   the ssl-cert package. See
    #   /usr/share/doc/apache2/README.Debian.gz for more info.
    #   If both key and certificate are stored in the same file, only the
    #   SSLCertificateFile directive is needed.
    SSLCertificateFile  /etc/apache2/ssl/cert.crt
    SSLCertificateKeyFile /etc/apache2/ssl/certificate.key

    #   Server Certificate Chain:
    #   Point SSLCertificateChainFile at a file containing the
    #   concatenation of PEM encoded CA certificates which form the
    #   certificate chain for the server certificate. Alternatively
    #   the referenced file can be the same as SSLCertificateFile
    #   when the CA certificates are directly appended to the server
    #   certificate for convenience.
    #SSLCertificateChainFile /etc/apache2/ssl/intcert.crt

    #   Certificate Authority (CA):
    #   Set the CA certificate verification path where to find CA
    #   certificates for client authentication or alternatively one
    #   huge file containing all of them (file must be PEM encoded)
    #   Note: Inside SSLCACertificatePath you need hash symlinks
    #        to point to the certificate files. Use the provided
    #        Makefile to update the hash symlinks after changes.
    #SSLCACertificatePath /etc/ssl/certs/
    #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

However, when trying to restart Apache2, I get the following error in the error.log:

    AH02562: Failed to configure certificate 213.188.152.189:443:0 (with chain), check /etc/apache2/ssl/cert.crt
    [Mon Jan 11 13:50:51.759656 2021] [ssl:emerg] [pid 1400] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
    [Mon Jan 11 13:50:51.759670 2021] [ssl:emerg] [pid 1400] SSL Library Error: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib

I have no idea what is causing this. Is there a mistake of some kind in my config file, or is there something else? I had it working with exactly this setup, before I renewed the certificate just now.

I would really appreciate help in this matter!



1 Reply

0 votes
by (71.8m points)

I found out the solution myself. I needed to change the formatting of the certs and the key from UTF-8 to ANSI - then everything worked just fine.
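
Added example, not part of the reply above: a shell check for the kind of encoding damage that makes OpenSSL report `no start line` on a PEM file. It assumes the cause was a UTF-8 byte order mark or other non-ASCII bytes in the files, which the reply does not spell out; `pem_check`, `pem_strip_bom` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: find encoding damage that hides the "-----BEGIN" line of a
# PEM file from OpenSSL. Function names and sample data are constructed.

# pem_check FILE -> prints utf8-bom, utf16, non-ascii, no-begin-line or ok
pem_check() {
    # First three bytes as hex, e.g. "efbbbf" for a UTF-8 byte order mark.
    magic=$(head -c 3 "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        efbbbf) echo "utf8-bom"; return 0 ;;
        fffe*|feff*) echo "utf16"; return 0 ;;
    esac
    # PEM is plain ASCII: count bytes that are not printable ASCII, TAB, LF or CR.
    extra=$(( $(LC_ALL=C tr -d '\11\12\15\40-\176' < "$1" | wc -c) ))
    if [ "$extra" -gt 0 ]; then
        echo "non-ascii"
    elif LC_ALL=C grep -q '^-----BEGIN ' "$1"; then
        echo "ok"
    else
        echo "no-begin-line"
    fi
}

# pem_strip_bom IN OUT -> copy IN to OUT, dropping a leading UTF-8 BOM if present
pem_strip_bom() {
    if [ "$(pem_check "$1")" = "utf8-bom" ]; then
        tail -c +4 "$1" > "$2"
    else
        cat "$1" > "$2"
    fi
}

# Constructed sample: placeholder PEM text saved with a UTF-8 BOM in front.
demo_dir=$(mktemp -d)
printf '\357\273\277-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n' \
    > "$demo_dir/cert.crt"
pem_check "$demo_dir/cert.crt"                                   # prints utf8-bom
pem_strip_bom "$demo_dir/cert.crt" "$demo_dir/cert.clean.crt"
pem_check "$demo_dir/cert.clean.crt"                             # prints ok
rm -rf "$demo_dir"
```

Once a file reports `ok`, `openssl x509 -in cert.crt -noout -subject` should parse it before Apache is restarted.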

