I want to create self signed certificate for the website. The old certificate expired few days ago. There are more than one NameVirtualHosts hosted on systems. The commands I am using to create certificate are taken from one tutorial website and are:
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
After this in ssl.conf file I have specified under VirtualHost section along with old settings done by other admin
SSLEngine on
SSLCertificateFile <full_path>/server.crt
SSLCertificateKeyFile <full_path>/server.key
On starting the server I am getting following messages in log file and server fails to start.
In error_log file messages are
[Mon Jun 01 23:52:46 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
In ssl_error_log file messages are
[Mon Jun 01 23:52:46 2009] [error] Init: Private key not found
[Mon Jun 01 23:52:46 2009] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Mon Jun 01 23:52:46 2009] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jun 01 23:52:46 2009] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Jun 01 23:52:46 2009] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
I would really appreciate if some one can explain how to solve this. I have tried a few other tutorial website on self signed SSL certificates but none of the steps they mention are working.
Use this one liner to generate the certificate and key in one file
Then the only configuration you'll need is
This may seem a bit trivial, but check the permission on your .key file
You can use
openssl req -newkey rsa:1024 -keyout privkey.pem
to save off the SSL key as it's generated, in case the key generation isn't quite right.