SSL certificate with GlobalSign (SHA256)

I use an SSL certificate(SHA1) issued by GlobalSign.
I’ve re-issued a new certificate (SHA256) from their console panel and got the 3 files below :

  • CEDW1507013742.cer
  • CEDW1507013742.key
  • cacert.cer

I have updated these new files in my server, set the same permissions (664) and update my ssl.conf file as written in the instructions:

#Old settings 
#SSLCertificateFile conf.d/ssl/2013xxxx_cert.pem
#SSLCertificateKeyFile conf.d/ssl/2013no_pass_xxxx_key.pem
#SSLCACertificateFile conf.d/ssl/2013xxxx_middle.pem

#New settings
SSLCertificateChainFile conf.d/2015-06-sha256/CEDW1507013742.cer
SSLCertificateKeyFile conf.d/2015-06-sha256/CEDW1507013742.key
SSLCACertificateFile conf.d/2015-06-sha256/cacert.cer

when I restart apache

service httpd restart

I get in my apache log:

[Wed Jul 01 07:00:37.435188 2015] [ssl:emerg] [pid 3381:tid 139691992791104] AH02580: Init: Pass phrase incorrect for key master.xxxx:443:0
[Wed Jul 01 07:00:37.435255 2015] [ssl:emerg] [pid 3381:tid 139691992791104] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Jul 01 07:00:37.435279 2015] [ssl:emerg] [pid 3381:tid 139691992791104] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Wed Jul 01 07:00:37.435318 2015] [ssl:emerg] [pid 3381:tid 139691992791104] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Jul 01 07:00:37.435338 2015] [ssl:emerg] [pid 3381:tid 139691992791104] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Wed Jul 01 07:00:37.435356 2015] [ssl:emerg] [pid 3381:tid 139691992791104] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Wed Jul 01 07:00:37.435374 2015] [ssl:emerg] [pid 3381:tid 139691992791104] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Jul 01 07:00:37.435392 2015] [ssl:emerg] [pid 3381:tid 139691992791104] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Wed Jul 01 07:00:37.435429 2015] [ssl:emerg] [pid 3381:tid 139691992791104] AH02564: Failed to configure encrypted (?) private key master.xxxx.jp:443:0, check /etc/httpd/conf.d/2015-06-sha256/CEDW1507013742.key

Does anyone know how to avoid this error ?
thank you


Source: apache

Leave a Reply