Problem in Installing the SSL certificate

Nirbhay · 03-10-2010, 08:23 AM

Hi All,

I am not sure whether this is the right place to post the query related to SSL certificate installation problem but still hope to get some solution out of here.

The problem is that I have installed apache SSL certificate but after restarting the server it is showing some Error 1. After greping the errors from error_log I found that there were two errors as mentioned below:

1) Unable to configure RSA server private key

2) SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

Now as is clear from the error that there is some mismatch in the private key and the certificate but this mismatch is far from understanding as I have followed each and every step which is there in the manual.

Can anyone help me out as this is some what urgent and due to the certificate the application is on hold.

Thanks in advance for any help in this regard.

Silocan · 03-10-2010, 04:38 PM

I have the same problem.

I regenerated at least 5 time certificate files but the error persist.

i'm very interested by the answer !

Code:

<VirtualHost *:443>
	ServerName www.domain.com
    SSLEngine On
    SSLCertificateFile E:/server/openssl/domain.cert
    #SSLCertificateFile E:/server/openssl/privkey.pem
    SSLCertificateKeyFile E:/server/openssl/domain.key
	DocumentRoot E:/www/
	ErrorLog E:/logs/ssl-domain.com_error.log
	TransferLog E:/logs/ssl-domain.com_access.log
</VirtualHost>

120 · 03-11-2010, 05:34 PM

How did you generate the key/cert? There is a script (CA.pl) which produces a key with a passphrase and it appears in lots of 'how to's' on SSL/TLS. Apache (and Postfix + lots of other SSL/TLS programs) can't cope with a passphrase and you get all kinds of odd errors if you create it this way. If you've produced it with something else or the cli 'openssl req -new -nodes ...' this probably won't be your issue.

Review what you set the OU and CN to in the CERT/REQUEST and make sure it matches 'www.domain.com'. There is a subtle difference between www.domain.com and domain.com and that can break things too.

Nirbhay · 03-17-2010, 06:22 AM

The main problem was that there is one more conf file called SSL.conf and whatever path we use to specify for the key and certificate in the http.conf needs to be set in SSl.conf also. Since the path was not set in the SSL.conf that's why it was giving the specified error.

Still thank you all for your responses.

james121 · 03-17-2010, 09:39 AM

This error can be caused by an incorrect configuration. Please make sure that your Listen directives match your <VirtualHost> directives. If all else fails, please start afresh, using the default configuration provided by mod_ssl.

Techmafia.org · 03-22-2010, 05:01 PM

You trying it on localhost /On your machine?

coz with webservers i dont think

virtual host tag in htaccess will be allowed?