Certificate and private key file problems
Tags: my server. By lucb1e on 2012-06-16 02:18:49 +0100
For other Googlers who have problems enabling HTTPS on their Apache server (or any server I guess), this post.
I was getting these kinds of errors:
[Sat Jun 16 01:07:57 2012] [error] Init: Unable to read server certificate from file /ohai/file.crt
[Sat Jun 16 01:07:57 2012] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sat Jun 16 01:07:57 2012] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Sat Jun 16 01:06:22 2012] [error] Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file /ohai/file.key)
The certificate seemed valid to me, and the keyfile was not encrypted (in fact, I decrypted it beforehand to use it). They looked like this:
The keyfile (.key):
-----BEGIN RSA PRIVATE KEY-----
Multiline
Base64-Encoded
data==
-----END RSA PRIVATE KEY-----
The certificate (.crt):
-----BEGIN CERTIFICATE-----
Multiline
Base64-Encoded
data==
-----END CERTIFICATE-----
The problem, however, was the line endings. Don't ask me how or why, but Notepad++ showed Mac Format [1] on the erroring files, whereas the working ones (the ones I saved the evening before worked) had it set to Windows Format. Changing the files one by one to the Windows Format and saving them made it work instantly. Hurray!
What this technically does, by the way, is change which bytes indicate a new line. For example, on Windows you have to use CRLF (carriage return, line feed), or \r\n (ASCII 13 and 10; yes, it's two characters). Unix uses only an LF (\n, ASCII 10). I'm not sure what Mac does, but I'm guessing \r, though I've read that newer Mac OS versions switched to \n as well. Apparently Apache handles (old?) Mac-formatted ones incorrectly.
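An added example, not part of the original post: a Python check that counts the newline styles in a PEM file, rewrites them to a single style, and confirms the Base64 body decodes to DER beginning with the ASN.1 SEQUENCE tag 0x30. The function names, the strict parser (written for this illustration, not OpenSSL's) and the sample bytes are all constructed assumptions.

```python
import base64
import re

def line_ending_counts(data: bytes) -> dict:
    """Count each newline style; a bare CR is what Notepad++ calls Mac Format."""
    crlf = data.count(b"\r\n")
    return {"crlf": crlf,
            "lf": data.count(b"\n") - crlf,
            "cr": data.count(b"\r") - crlf}

def normalize(data: bytes, newline: bytes = b"\r\n") -> bytes:
    """Rewrite CRLF, bare CR and bare LF to one style (default CRLF, as in the post)."""
    return re.sub(rb"\r\n|\r|\n", lambda m: newline, data)

# Strict matcher for this example: header, body and footer must be separated
# by LF or CRLF. A CR-only file therefore yields no blocks at all.
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def pem_blocks(data: bytes) -> list:
    """Return (label, der_bytes) for every well-formed PEM block found."""
    blocks = []
    for label, body in PEM_RE.findall(data):
        der = base64.b64decode(b"".join(body.split()))
        blocks.append((label.decode(), der))
    return blocks

# Constructed sample: DER for SEQUENCE { INTEGER 5 }, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])

def make_pem(der: bytes, label: bytes, newline: bytes) -> bytes:
    """Build a PEM file with the chosen newline bytes (sample-data helper)."""
    lines = [b"-----BEGIN " + label + b"-----",
             base64.b64encode(der),
             b"-----END " + label + b"-----"]
    return newline.join(lines) + newline

if __name__ == "__main__":
    mac = make_pem(SAMPLE_DER, b"CERTIFICATE", b"\r")
    print("before:", line_ending_counts(mac), "blocks:", len(pem_blocks(mac)))
    fixed = normalize(mac)
    print("after: ", line_ending_counts(fixed), "blocks:", len(pem_blocks(fixed)))
    for label, der in pem_blocks(fixed):
        # Certificates and RSA keys are both DER SEQUENCEs, so byte 0 is 0x30.
        print(label, "starts with SEQUENCE tag:", der[:1] == b"\x30")
```

To check real files, read them in binary mode (`open(path, "rb")`) so Python does not translate the newlines before they are counted.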
[1]