任何人都可以看到我在这些步骤出错(在Windows XP +的Apache 2.2)?
我试图用我自己的CA创build自己的自签名SSL证书,当它完成我的Apache服务器无法启动,我的日志文件说:
[info] Init: Seeding PRNG with 136 bytes of entropy [info] Loading certificate & private key of SSL-aware server [error] Init: Unable to read server certificate from file C:/Apache2.2/conf/thor.mysite.com_cert/ksb_cert_rep.p12 [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error [error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error 这是我做了什么创build证书:
openssl req -x509 -out ca_cert.pem -newkey rsa:2048 -keyout ca_priv_key.pem -days 3650 openssl x509 -in ca_cert.pem -text -noout openssl req -out ksb_cert_req.pem -new -keyout ksb_priv_key.pem openssl req -noout -text -verify -in ksb_cert_req.pem openssl x509 -req -in ksb_cert_req.pem -CA ca_cert.pem -CAkey ca_priv_key.pem -CAcreateserial -out ksb_cert_rep.pem -days 3650 openssl pkcs12 -export -in ksb_cert_rep.pem -inkey ksb_priv_key.pem -out ksb_cert_rep.p12 -name "ksb certificate" openssl pkcs12 -info -in ksb_cert_rep.p12 openssl rsa -in ksb_priv_key.pem -out ksb_priv_key_nopass.pem
另外,这里是我的Apache httpd-ssl.conf文件中的configuration:
SSLCertificateFile "C:/Apache2.2/conf/ksb_cert_rep.p12" SSLCertificateKeyFile "C:/Apache2.2/conf/ksb_priv_key_nopass.pem"
Apache不喜欢PKCS12格式的证书,它期望x509 。 改为使用您的ksb_cert_rep.pem文件。