Probleme mit Apache2 und SSL (key values mismatch)


M

madmax

New Member
Hallo,

bin gerade dabei einen neuen vServer einzurichten und scheitere am
selbst-signierten SSL Zertifikat und dem Apache.

Folgende Fehlermeldung erhalte ich:
Code: 
[Tue Oct 01 20:54:53 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Oct 01 20:54:53 2013] [warn] RSA server certificate CommonName (CN) `host.mydomain2.com' does NOT match server name!?
[Tue Oct 01 20:54:53 2013] [error] Unable to configure RSA server private key
[Tue Oct 01 20:54:53 2013] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

Meine keys habe ich wie folgt erstellt:
Code: 
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

Der Modulus stimmt aber überein:
Code: 
root@mysrv:/etc/apache2/ssl# openssl rsa -noout -modulus -in apache.key 
Modulus=B898BCBF15BB1F5E287D5E2B71C3C48B519174869FF7F05169B9E1AC4F9B96CDA11A29A1C9BE371F21A63579BCCD042DC9E70481481BDCBC29B79A552358C9EE0B07AD058762DB9D10DBB0800F0531AE3B083870913ACD4C2522DC6607D4778B325A98A31888CB0C22ECD75A2B3876E9F6B633058AD7ED10A291EC1AD29227D932293C3670BB2190B0B397E1C52FA433744649EF8842196FA9C33FEEF2B59C2B9A91FDFF2855ABC08A2BC991CB1F44EBD24D235DD81D0272E96A28FD27B812DD3292065B82F2484A1CA0768B8F8AC4A8D6EF24CFA3835B0C0B137C5B894E2645C615E4148A3C04D72DE9243A7B841AD1DF70D39537374EDB75AEA8415032596D
root@mysrv:/etc/apache2/ssl# openssl x509 -noout -modulus -in apache.crt 
Modulus=B898BCBF15BB1F5E287D5E2B71C3C48B519174869FF7F05169B9E1AC4F9B96CDA11A29A1C9BE371F21A63579BCCD042DC9E70481481BDCBC29B79A552358C9EE0B07AD058762DB9D10DBB0800F0531AE3B083870913ACD4C2522DC6607D4778B325A98A31888CB0C22ECD75A2B3876E9F6B633058AD7ED10A291EC1AD29227D932293C3670BB2190B0B397E1C52FA433744649EF8842196FA9C33FEEF2B59C2B9A91FDFF2855ABC08A2BC991CB1F44EBD24D235DD81D0272E96A28FD27B812DD3292065B82F2484A1CA0768B8F8AC4A8D6EF24CFA3835B0C0B137C5B894E2645C615E4148A3C04D72DE9243A7B841AD1DF70D39537374EDB75AEA8415032596D

Das ist die dazugehörige Konfiguration im Apache:
Code: 
<VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName  host.mydomain.com
        ServerAlias host.mydomain2.com

	SSLEngine on
	SSLCertificateFile /etc/apache2/ssl/apache.crt
	SSLCertificateKeyFile /etc/apache2/ssl/apache.key

        # Indexes + Directory Root.
        DirectoryIndex index.php
        DocumentRoot /var/www/mydomain/html/

        # Logfiles
        ErrorLog  /var/www/mydomain/logs/error.log
        CustomLog /var/www/mydomain/logs/access.log combined
<Directory>
AllowOverride All
order allow,deny
Allow from all
</Directory>

</VirtualHost>

Hat jemand eine Idee was da falsch daran sein könnte?

Grüße,
madmax
 
GwenDragon said:
Und modulus und public Exponent sind in den Zertifikaten gleich?
Click to expand...
openssl x509 -text -in /etc/apache2/ssl/apache.crt | grep Exp
openssl rsa -text -in /etc/apache2/ssl/apache.key | grep Exp

Prüf mal de Modulus:
openssl rsa -noout -modulus -in /etc/apache2/ssl/apache.key | openssl sha1 > k
openssl x509 -noout -modulus -in /etc/apache2/ssl/apache.crt | openssl sha1 > l
diff k l
 
Last edited by a moderator:
You must log in or register to reply here.

Back
Top