Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: purpaboo on March 29, 2010, 02:48:01 PM

Title: I broke my httpd and IMAP too - permissions error on ssl keys?
Post by: purpaboo on March 29, 2010, 02:48:01 PM

Hi

I've been trying to install a ssl certificate, given up, and am trying to return to a self generated ssl key.

After doing:

Code: [Select]

rm  /home/e-smith/ssl.crt/www.domain.com.crt
rm /home/e-smith/ssl.key/www.domain.com.key
and issuing:

Code: [Select]

signal-event domain-modify
And doing a:

Code: [Select]

signal-event post-upgrade; signal-event reboot
Upon reboot, I get errors in /var/log/httpd/error_log which look like a permissions issue on the certs, or some kind of mismatch:

[Mon Mar 29 13:38:42 2010] [error] Init: Unable to read server certificate from file /home/e-smith/ssl.key/www.domain.com.key
[Mon Mar 29 13:38:42 2010] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Mar 29 13:38:42 2010] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error


I've updated the perms on the .crt and .key files to 777 (just for now) but still no bananas.

Can anyone point me gently in the right direction?

TIA

Pete
--

Title: Re: I broke my httpd and IMAP too - permissions error on ssl keys?
Post by: purpaboo on March 29, 2010, 04:03:13 PM

Turns out I had just ham-fisted the modssl properties

Code: [Select]

config setprop modSSL crt /home/e-smith/ssl.crt/www.domain.com.crt
config setprop modSSL crt /home/e-smith/ssl.key/www.domain.com.key

should have of course been

Code: [Select]

config setprop modSSL crt /home/e-smith/ssl.crt/www.domain.com.crt
config setprop modSSL key /home/e-smith/ssl.key/www.domain.com.key