Help -- VeriSign Certificate install not happy
I'm trying to get a VeriSign certificate installed onto my Debian box and it's not going very well. I'm running apache-ssl.
Pervious to this installation, my box would boot and apache-ssl would load correctly. I had a fully operable SSL web site, minus the certificate. Now, apache-ssl will not load at all.
Following the instructions on the VeriSign web site, I created the CSR from within the following directory:
A few hours later, I received the VeriSign certificate and attempted to install it by following their step-by-step instructions, using vi to create a public.crt file:
getrootcert.cer public.crt public.csr secureprivate.key
I then attempted to modify the /etc/apache-ssl/httpd.conf in the following manner, ignoring the SSLCA options and sticking with the straight-up SSL options.
# Point SSLCertificateFile at a PEM encoded certificate.
# If the certificate is encrypted, then you will be prompted for a pass phrase.
# Note that a kill -1 will prompt again.
# A test certificate can be generated with "make certificate".
# If the key is not combined with the certificate, use this directive to
# point at the key file. If this starts with a '/' it specifies an absolute
# path, otherwise it is relative to the default certificate area. That is, it
# means "<default>/private/<keyfile>".
I re-booted the system and found that I could no longer ssh in as my sudo user. I was forced to log in as root. Also, the httpd would not start automatically. I attempted to start it manually and the system requested my certificate password, which I entered without apparent negative results. However, the server did not launch.
root@srpva:/usr/sbin# ./apache-sslctl start
./apache-sslctl start: httpsd could not be started
I blanked the lines in the httpd.conf and rebooted. Now I can ssh in once again as my sudo user, but the httpd will not launch. Manual attempts are no good. I spoke to one Verisign support tech and she was hostile and unhelpful.
Here's my kernel info:
2.4.18-bf2.4 #1 Mon Apr 12 11:37:50 UTC 2004 i686 unknown
Here's my apache and ssl versions. I run apt-get update frequently:
Thanks in advance for any suggestions.
- Dan O'Brien