# Apache + SSL error



## lthozo (Jan 26, 2014)

Hy!

I am migrating from CentOS to FreeBSD (Apache + SSL). After copying files and changing configuration file[1] as CentOS I am getting this error[2]. Trying to validate certificate[3].


1.  /usr/local/etc/apache22/extra/httpd-ssl.conf
2. 
	
	



```
[Fri Jan 24 08:46:06 2014] [error] Init: Unable to read server certificate from
+file /usr/local/www/ssl/certificado.csr
[Fri Jan 24 08:46:06 2014] [error] SSL Library Error: 218529960
+error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jan 24 08:46:06 2014] [error] SSL Library Error: 218595386
+error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
```

3. 
	
	



```
# openssl x509 -in certificado.crt -text -noout
unable to load certificate
34379118248:error:0906D06C:PEM routines:PEM_read_bio:no start
+line:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/pem_lib.c
+:703:Expecting: TRUSTED CERTIFICATE
```


----------



## dpejesh (Jan 26, 2014)

lthozo said:
			
		

> [Fri Jan 24 08:46:06 2014] [error] Init: Unable to read server certificate from
> +file /usr/local/www/ssl/certificado.csr



This is failing because you're trying to use the signing request instead of the certificate.



> # openssl x509 -in certificado.crt -text -noout
> unable to load certificate
> 34379118248:error:0906D06CEM routinesEM_read_bio:no start
> +line:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/pem_lib.c
> +:703:Expecting: TRUSTED CERTIFICATE



This is failing because it's not PEM encoded.  The first line of the file should be -----BEGIN CERTIFICATE-----.  If you have a valid certificate that's in DER format, http://www.sslshopper.com/article-most-common-openssl-commands.html has examples on how to convert it.


----------



## lthozo (Jan 26, 2014)

dpejesh,

Thanks a lot! =)


----------

