{"id":8527,"date":"2022-01-28T15:40:28","date_gmt":"2022-01-28T20:40:28","guid":{"rendered":"https:\/\/www.rushworth.us\/lisa\/?p=8527"},"modified":"2022-01-28T15:40:28","modified_gmt":"2022-01-28T20:40:28","slug":"apache-httpd-and-der-encoded-certificate","status":"publish","type":"post","link":"https:\/\/www.rushworth.us\/lisa\/?p=8527","title":{"rendered":"Apache HTTPD and DER Encoded Certificate"},"content":{"rendered":"

We are in the process of updating one of the web servers at work to a newer OS \u2013 along with a newer Apache HTTPD and PHP iteration. Ran into a snag just setting up the SSL web site \u2013 we couldn\u2019t get HTTPD started with our Venafi certificate.<\/p>\n

[Fri Jan 28 14:35:05.092086 2022] [ssl:emerg] [pid 57739:tid 139948816931136] AH02561: Failed to configure certificate hostname.example.com:443:0, check \/path\/to\/certs\/production\/server.crt<\/p>\n

[Fri Jan 28 14:35:05.092103 2022] [ssl:emerg] [pid 57739:tid 139948816931136] SSL Library Error: error:0909006C:PEM routines:get_name:no start line (Expecting: CERTIFICATE) — Bad file contents or format – or even just a forgotten SSLCertificateKeyFile?<\/p>\n

[Fri Jan 28 14:35:05.092115 2022] [ssl:emerg] [pid 57739:tid 139948816931136] SSL Library Error: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib<\/p>\n

The certificate was DER encoded \u2013 that\u2019s not what I<\/em><\/strong> use, but it was working on the old server.<\/p>\n

<\/p>\n

I think there might be something between httpd-2.4.6-97 and httpd-2.4.37-43 that stopped DER encoded certificates from working. Rather than figure out some way to coerce HTTPD to use this DER file that I don\u2019t really care if I\u2019ve got \u2026 I just used a quick command to export the B64 version of the certificate, copied the header\/footer\/stuff in between, and made a base-64 encoded certificate file.<\/p>\n

openssl x509 -inform DER -in server.crt | openssl x509 -text<\/p>\n

And, voila, we\u2019ve got a web server.<\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

We are in the process of updating one of the web servers at work to a newer OS \u2013 along with a newer Apache HTTPD and PHP iteration. Ran into a snag just setting up the SSL web site \u2013 we couldn\u2019t get HTTPD started with our Venafi certificate. [Fri Jan 28 14:35:05.092086 2022] [ssl:emerg] …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30],"tags":[1122,352,236],"class_list":["post-8527","post","type-post","status-publish","format-standard","hentry","category-system-administration","tag-apache-httpd","tag-httpd","tag-ssl"],"_links":{"self":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/8527","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8527"}],"version-history":[{"count":1,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/8527\/revisions"}],"predecessor-version":[{"id":8529,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/8527\/revisions\/8529"}],"wp:attachment":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8527"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8527"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8527"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}