
Help -- VeriSign Certificate install not happy




Hi,

I'm trying to get a VeriSign certificate installed onto my Debian box and it's not going very well. I'm running apache-ssl.

Previous to this installation, my box would boot and apache-ssl would load correctly. I had a fully operable SSL web site, minus the certificate. Now, apache-ssl will not load at all.

Following the instructions on the VeriSign web site, I created the CSR from within the following directory:

/usr/lib/ssl/certs

A few hours later, I received the VeriSign certificate and attempted to install it by following their step-by-step instructions, using vi to create a public.crt file:

root@srpva:/usr/lib/ssl/certs# ls
getrootcert.cer public.crt public.csr secureprivate.key

I then attempted to modify the /etc/apache-ssl/httpd.conf in the following manner, ignoring the SSLCA options and sticking with the straight-up SSL options.

# Point SSLCertificateFile at a PEM encoded certificate.
# If the certificate is encrypted, then you will be prompted for a pass phrase.
# Note that a kill -1 will prompt again.
# A test certificate can be generated with "make certificate".
#SSLCertificateFile /u/ben/apache/apache_1.2.6-ssl/SSLconf/conf/t1.pem
SSLCertificateFile /usr/lib/ssl/certs/public.crt

# If the key is not combined with the certificate, use this directive to
# point at the key file. If this starts with a '/' it specifies an absolute
# path, otherwise it is relative to the default certificate area. That is, it
# means "<default>/private/<keyfile>".
SSLCertificateKeyFile /usr/lib/ssl/certs/secureprivate.key

I re-booted the system and found that I could no longer ssh in as my sudo user. I was forced to log in as root. Also, the httpd would not start automatically. I attempted to start it manually and the system requested my certificate password, which I entered without apparent negative results. However, the server did not launch.

root@srpva:/usr/sbin# ./apache-sslctl start
./apache-sslctl start: httpsd could not be started

I blanked the lines in the httpd.conf and rebooted. Now I can ssh in once again as my sudo user, but the httpd will not launch. Manual attempts are no good. I spoke to one VeriSign support tech and she was hostile and unhelpful.

Here's my kernel info:

2.4.18-bf2.4 #1 Mon Apr 12 11:37:50 UTC 2004 i686 unknown

Here are my apache and ssl versions. I run apt-get update frequently:

Apache 1.3.26-0woo
openssl 0.9.6c-2.woody.6


Thanks in advance for any suggestions.

- Dan O'Brien
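
A structural sanity check for a certificate that was pasted into a file by hand, as the message describes doing with vi. This is an added example, not part of the original message: `check_pem` and the sample strings are constructed for illustration, and it assumes the file should hold a single PEM `CERTIFICATE` block.

```python
import base64
import re

# One PEM block; the END marker must repeat the BEGIN label exactly.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n[ \t]*-----END \1-----", re.S)

def check_pem(text, expected_label="CERTIFICATE"):
    """Return a list of problems in a pasted PEM file; an empty list means it looks sane."""
    problems = []
    # Flag indentation, e.g. from editor auto-indent while pasting.
    if any(line[:1] in (" ", "\t") for line in text.splitlines()):
        problems.append("leading whitespace on a line")
    m = PEM_RE.search(text)
    if not m:
        problems.append("no matching BEGIN/END pair")
        return problems
    label, body = m.group(1), m.group(2)
    # A CSR or key pasted into the certificate file shows up here.
    if label != expected_label:
        problems.append(f"label is {label!r}, expected {expected_label!r}")
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        problems.append("body is not valid base64")
        return problems
    # Every DER-encoded certificate begins with a SEQUENCE tag.
    if not der or der[0] != 0x30:
        problems.append("decoded body does not start with a DER SEQUENCE (0x30)")
    return problems

# Constructed sample: a DER SEQUENCE header plus filler bytes, not a real certificate.
_body = base64.b64encode(b"\x30\x82\x01\x00" + bytes(256)).decode()
GOOD = ("-----BEGIN CERTIFICATE-----\n"
        + "\n".join(_body[i:i + 64] for i in range(0, len(_body), 64))
        + "\n-----END CERTIFICATE-----\n")
# Constructed paste damage: indented lines, and a clipped END marker.
BAD_INDENT = "\n".join("  " + line for line in GOOD.splitlines()) + "\n"
BAD_CLIPPED = GOOD.replace("-----END CERTIFICATE-----", "-----END CERTIFICATE--")

if __name__ == "__main__":
    samples = (("good", GOOD), ("indented", BAD_INDENT), ("clipped", BAD_CLIPPED))
    for name, sample in samples:
        print(name, check_pem(sample) or "ok")
```

The check covers file structure only; it does not validate the certificate or confirm that it matches the private key.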