Mailinglist Archive: opensuse (3637 mails)

[SERVER] Need help moving SSL certificate (WAS: Can an SSL certificate be moved from one server to another?)
  • From: wilson@xxxxxxxxxxx (Jonathan Wilson)
  • Date: Mon, 28 May 2001 11:03:07 -0500
  • Message-id: <5.1.0.14.0.20010528110037.01d17250@xxxxxxxxxxxxxxxx>
The other day I asked if an SSL cert could be moved from one server to another and the answer seems to be "yes", but I'm having a really bad time with it: mod_ssl doesn't like the server.key file.

>You should be able to just copy the key file from one machine to another;
>I've done it several times. As long as you make sure that you keep the key &
>certificate together as a pair, you can move SSL keys/certs anywhere.

Ok, but I'm getting this error:
bash-2.04# /etc/init.d/apache restart
Shutting down httpd done
Starting httpd [ SuSEHelp SSL PHP3 mod_perl contrib status ] done
You have mail in /var/mail/root

<edit file at this point to use key from other server>

bash-2.04# /etc/init.d/apache restart
Shutting down httpd done
Starting httpd [ SuSEHelp SSL PHP3 mod_perl contrib status ]Apache/1.3.14 mod_ssl/2.7.1 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server csc008.claborn.net:443 (RSA)
Enter pass phrase: done
bash-2.04#
Apache:mod_ssl:Error: Private key not found.
**Stopped
bash: 2345678: command not found
bash-2.04#

Any ideas what mod_ssl is complaining about? I have the SSL section set like this:

SSLCertificateFile /home/webhome/equationresearch/server.crt
#SSLCertificateFile /home/webhome/equationresearch/eqr.test.crt
SSLCertificateKeyFile /home/webhome/equationresearch/server.key
#SSLCertificateKeyFile /home/webhome/equationresearch/eqr.test.key

If I comment out the server.* ones and use the test ones (I generated the test ones on this server) it works perfectly. But the old ones give me that "key not found" error. And it's not a file error, /home/webhome/equationresearch/server.key really does exist. The log files report the following:

[Mon May 28 10:43:04 2001] [error] mod_ssl: Init: Private key not found (OpenSSL library error follows)
[Mon May 28 10:43:04 2001] [error] OpenSSL: error:0D084069:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Mon May 28 10:43:04 2001] [error] OpenSSL: error:0D09D082:asn1 encoding routines:d2i_RSAPrivateKey:parsing
[Mon May 28 10:43:04 2001] [error] OpenSSL: error:0D09B00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib

I made the server.key and server.csr files on RedHat 6.2 with apache-1.3.14-2.6.2 and mod_ssl-2.7.1-3, openssl-0.9.5a-2.6.x.

I'm trying to use it on SuSE 7.1 with apache-1.3.14-6, mod_ssl-2.7.1-0 and openssl-0.9.6-21.

Do you think it's a version conflict in the ssl version?

Any help would be greatly appreciated.


TIA

----------------------------------------------------
Jonathan Wilson
System Administrator

Cedar Creek Software http://www.cedarcreeksoftware.com
Central Texas IT http://www.centraltexasit.com
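
An added example, not part of the original post or of mod_ssl: a shell function that checks whether a private key file parses at all and whether it belongs to a given certificate, the "pair" the quoted reply refers to. It assumes the `openssl` command-line tool is installed; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# check_pair KEY CRT [PASSIN]   (PASSIN uses openssl syntax, e.g. file:/path)
# Returns 0 = pair matches, 1 = key and certificate differ,
#         2 = key cannot be parsed or decrypted, 3 = certificate cannot be parsed.
check_pair() {
    key=$1 crt=$2 passin=${3:-}
    # Derive the public key from the private key. A failure here means the
    # file is not a readable key, as with the ASN.1 errors in the log above.
    if [ -n "$passin" ]; then
        key_pub=$(openssl pkey -in "$key" -passin "$passin" -pubout 2>/dev/null) || return 2
    else
        key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    fi
    # Extract the public key embedded in the certificate and compare.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 3
    [ "$key_pub" = "$crt_pub" ] || return 1
    return 0
}

# Print a one-word verdict for a key/certificate pair.
describe() {
    rc=0
    check_pair "$@" || rc=$?
    case $rc in
        0) echo "match" ;;
        1) echo "mismatch" ;;
        2) echo "key-unreadable" ;;
        3) echo "cert-unreadable" ;;
    esac
}

# Build constructed, throwaway sample files (not the poster's key or cert).
make_samples() {
    dir=$1
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$n.example.test" \
            -keyout "$dir/$n.key" -out "$dir/$n.crt" 2>/dev/null || return 1
    done
    # A PEM wrapper around bytes that are not a DER-encoded key.
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'QUJDREVGRw==' \
        '-----END RSA PRIVATE KEY-----' > "$dir/broken.key"
}

# Demo: run the script with --demo to exercise all three outcomes.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && make_samples "$tmp" || exit 1
    describe "$tmp/a.key" "$tmp/a.crt"       # key with its own certificate
    describe "$tmp/a.key" "$tmp/b.crt"       # certificate issued for another key
    describe "$tmp/broken.key" "$tmp/a.crt"  # file that is not a parsable key
    rm -rf "$tmp"
fi
```

Run against the real files, `describe server.key server.crt` separates an unreadable key file from a key that reads fine but does not belong to the certificate.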

