[Eisfair] [apache] Virtuelle Hosts mit HTTPS

Peter Schauder p_schauder at web.de
Mi Mär 4 14:59:18 CET 2015 

Hi,

ich hab mal wieder versucht und hab mir gedacht: angefangen hat das ja
alles mit dem Apachen, schalte doch mal SSL ab und wieder ein. Beim
einschalten passiert dann das:
Activate configuration now (y/n) [yes]?
Creating Apache2 configuration ...
Creating CA for SSL ...
unable to load CRL
3074627208:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:703:Expecting: X509 CRL
CA key /usr/local/ssl/private/ca.key already exists!

The certificate /usr/local/ssl/certs/ca.pem
does already exist, proceed anyway (y/n) [n]? y
updating hashes '/usr/local/ssl/certs' ...
Creating apache.pem
Notice: The Common Name (you will type it in a moment) has to be the
ServerName!
unable to load CRL
3074348680:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:703:Expecting: X509 CRL
Invalid certificate file '/usr/local/ssl/newcerts/apache.crt'
detected.
Do you want to delete it (y/n) [n]? y

A key /usr/local/ssl/private/apache.key already exists.
Delete previously generated files (.key, .csr, .crt, .pem, .p12),
proceed anyway (y/n) [n]? y

Do you really want to remove these files (y/n) [n]? y
... archived.

Generating RSA private key, 2048 bit long modulus
.......................................................+++
.........+++
e is 65537 (0x10001)
... done.

Country code (2 letter code) [DE]?
State or province name [Nordrhein Westfalen]?
Locality name [Koeln]? Bielefeld
Organization or company name [privat]?
Organizational unit or section name [eisfair]? Schauder ORG
Common name, e.g. (ApacheNG.schauder.dom) [ ]? ApacheNG.schauder.dom
Email address [.]? p_schauder at web.de

Do you want to to continue (y/n) [n]? y
... done.



You will be asked to enter the following data, after pressing ENTER:

 3 - Passphrase of your CA key.

Press ENTER to continue
Using configuration from /usr/local/ssl/openssl.cnf
Enter pass phrase for /usr/local/ssl/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'DE'
stateOrProvinceName   :PRINTABLE:'Nordrhein Westfalen'
localityName          :PRINTABLE:'Bielefeld'
organizationName      :PRINTABLE:'privat'
organizationalUnitName:PRINTABLE:'Schauder ORG'
commonName            :PRINTABLE:'ApacheNG.schauder.dom'
emailAddress          :IA5STRING:'p_schauder at web.de'
Certificate is to be certified until Mar  3 14:58:06 2016 GMT (365
days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
3075135112:error:0E06D06C:configuration file
routines:NCONF_get_string:no value:conf_lib.c:335:group=Server_CA
name=email_in_dn
unable to load certificate
3075135112:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
... certificate generation unsuccessful!

updating hashes '/usr/local/ssl/certs' ...
activating modules...
done activating modules
 * Disabling subversion WebDAV access ...
[  OK  ]
 * Restarting Apache ...
[  OK  ]
Press ENTER to continue

Welche Database ist da das Problem? Ist möglicherweise mein CA
Certifikat defekt? Wie bekomme ich 'alles auf Anfang'?

Gruß
Peter

Mehr Informationen über die Mailingliste Eisfair