After getting a certificate from https://wikihub.berkeley.edu/x/mwHNAQ, downloading it, and restarting Apache, error_log contained:

    [Tue Jun 15 16:19:40 2010] [notice] caught SIGTERM, shutting down
    [Tue Jun 15 16:19:45 2010] [error] Unable to configure RSA server private key
    [Tue Jun 15 16:19:45 2010] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
    [Tue Jun 15 16:20:45 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Tue Jun 15 16:20:45 2010] [warn] RSA server certificate CommonName (CN) `AddTrust External CA Root' does NOT match server name!?
    [Tue Jun 15 16:20:45 2010] [error] Unable to configure RSA server private key
    [Tue Jun 15 16:20:45 2010] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

The problem here is that the certificate I downloaded, "X509, Base64 encoded:", had three certificates in it:

    source.EECS.Berkeley.EDU:root: %C2> keytool -printcert -v -file 2010/source_eecs_berkeley_edu.cer
    Certificate[1]:
    Owner: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
    Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
    Serial number: 1
    Valid from: Tue May 30 03:48:38 PDT 2000 until: Sat May 30 03:48:38 PDT 2020
    Certificate fingerprints:
         MD5:  1D:35:54:04:85:78:B0:3F:42:42:4D:BF:20:73:0A:3F
         SHA1: 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68

    Certificate[2]:
    Owner: CN=COMODO High-Assurance Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
    Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
    Serial number: 1690c329b6780607511f05b0344846cb
    Valid from: Thu Apr 15 17:00:00 PDT 2010 until: Sat May 30 03:48:38 PDT 2020
    Certificate fingerprints:
         MD5:  2B:EE:B7:93:D7:C5:DD:65:E3:16:E9:98:EF:85:9B:F7
         SHA1: B9:B4:C7:A4:88:C0:88:5E:C1:C8:3A:A8:7E:4E:BD:2B:21:5F:9F:A4

    Certificate[3]:
    Owner: CN=source.eecs.berkeley.edu, OU=PlatinumSSL, OU=Hosted by InCommonTestCA, OU="EECS Dept, Ptolemy Project", O=University of California at Berkeley, STREET="200 California Hall #1500", L=Berkeley, ST=CA, OID.2.5.4.17=94720, C=US
    Issuer: CN=COMODO High-Assurance Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
    Serial number: 9d53777b39db0a61a7d3535fb0a775ef
    Valid from: Mon Jun 14 17:00:00 PDT 2010 until: Fri Jun 14 16:59:59 PDT 2013
    Certificate fingerprints:
         MD5:  0D:A4:3C:31:63:28:3E:AD:08:F1:51:62:8C:4A:09:C4
         SHA1: 9A:02:4D:E4:E4:E3:1E:D6:31:B7:0D:EB:2F:A2:2C:07:AA:54:22:85

Using the above certificate resulted in the error.

However, using the "X509 Certificate only, Base64 encoded" certificate worked. The cert looked like:

    source.EECS.Berkeley.EDU:root: %C2> keytool -printcert -v -file server.crt
    Owner: CN=source.eecs.berkeley.edu, OU="EECS Dept, Ptolemy Project", O=UC Berkeley, L=Berkeley, ST=California, C=US
    Issuer: CN=VeriSign Class 3 Secure Server CA, OU=Terms of use at https://www.verisign.com/rpa (c)05, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Serial number: 4f88c83f453013e840f0a3a07171664c
    Valid from: Mon Jul 14 17:00:00 PDT 2008 until: Thu Jul 15 16:59:59 PDT 2010
    Certificate fingerprints:
         MD5:  E0:55:9B:B5:34:8A:74:77:39:E0:3D:68:3C:59:8E:88
         SHA1: DA:FF:45:C9:DF:6F:B5:73:EC:9C:F8:A7:CC:93:08:84:22:A8:78:3D
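
One way to catch the "key values mismatch" condition before restarting Apache, as an added example that is not part of the original note: split a multi-certificate PEM file and report which position holds the certificate whose public key matches the private key. The function names, file names and the self-signed demo certificates are constructed for illustration, and the script assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: locate the certificate in a PEM bundle that belongs to a key.

# Public key (PEM) contained in a certificate file; empty on parse failure.
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from a private key file; empty on parse failure.
key_pub() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# split_bundle BUNDLE DIR: write each certificate to DIR/cert-N.pem.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$1"
}

# matching_cert_index BUNDLE KEY: print the 1-based position of the
# certificate whose public key matches KEY; return non-zero if none does.
matching_cert_index() {
    tmp=$(mktemp -d) || return 2
    split_bundle "$1" "$tmp"
    want=$(key_pub "$2") || { rm -rf "$tmp"; return 2; }
    i=1
    found=
    while [ -z "$found" ] && [ -f "$tmp/cert-$i.pem" ]; do
        [ "$(cert_pub "$tmp/cert-$i.pem")" = "$want" ] && found=$i
        i=$((i + 1))
    done
    rm -rf "$tmp"
    [ -n "$found" ] && echo "$found"
}

# make_demo_bundle DIR: constructed sample input. Two self-signed certificates
# stand in for a CA root and a server certificate, concatenated root-first
# like the three-certificate download described above.
make_demo_bundle() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=www.example.test" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    cat "$1/ca.crt" "$1/server.crt" > "$1/bundle.pem"
}
```

A result other than 1 means the file does not start with the server's own certificate, which is the situation the AddTrust root warnings in the log above point to.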