Install SSL Certificates for XAMPP Apache

StackOverflow https://stackoverflow.com/questions/23552986

Question

I generated server.key using openssl CLI and then generated server.csr from that. Then I submitted server.csr to my company (this is all internal) and they gave me a text file which I renamed to server.crt

I followed this guide to install SSL Cert for XAMPP's Apache

https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=AR193

Basically I edited the httpd-ssl.conf file with below:

SSLCertificateFile "conf/ssl.crt/server.crt"

SSLCertificateKeyFile "conf/ssl.key/server.key"

SSLCACertificatePath "conf/ssl.crt/"
SSLCACertificateFile "conf/ssl.crt/server.crt"

When I restarted my Apache server, it failed and gave error:

[Thu May 08 14:14:48.014710 2014] [ssl:warn] [pid 1924:tid 272] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 08 14:14:48.016664 2014] [ssl:warn] [pid 1924:tid 272] AH01907: RSA server certificate is not a leaf certificate (BasicConstraints: pathlen == 2 > 0 !?)
[Thu May 08 14:14:48.016664 2014] [ssl:warn] [pid 1924:tid 272] AH01909: RSA certificate configured for www.myservername.com:443 does NOT include an ID which matches the server name
[Thu May 08 14:14:48.016664 2014] [ssl:emerg] [pid 1924:tid 272] AH02238: Unable to configure RSA server private key
[Thu May 08 14:14:48.016664 2014] [ssl:emerg] [pid 1924:tid 272] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Thu May 08 14:14:48.016664 2014] [ssl:emerg] [pid 1924:tid 272] AH02311: Fatal error initialising mod_ssl, exiting. See C:/xampp/apache/logs/error.log for more information

Anyone knows why? How to fix this?

Here are my system info

Windows NT LGLAC046 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 

Apache/2.4.4 (Win32) OpenSSL/0.9.8y PHP/5.4.19 

OPENSSL_CONF    C:/xampp/apache/bin/openssl.cnf 

SSL Version     OpenSSL/0.9.8y
Était-ce utile?

La solution

I generated server.csr using openssl CLI and then generated server.key from that
You're supposed to generate a private key first:

openssl genrsa -des3 -out server.key 1024

then generate a csr:

openssl req -new -key server.key -out server.csr

If you're requesting a new certificate, you then send the CSR to the CA. It sounds like what you have is a CA certificate, not a server certificate.

Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow
scroll top