apache mod_ssl crashes

Discussion in 'Server Operation' started by unclecameron, Oct 29, 2009.

  1. unclecameron

    unclecameron New Member

    Apache crashes on a virtual host attempting to read a .csr with:
    Code:
    [error] Init: Unable to read server certificate from file /etc/apache2/ssl/www.mydomain.csr
    [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
    
    This same box has several other static IP SSLs as virtual hosts, where I cp'ed the virtual host directive for use with this domain and used the same commands to create the .csr:
    Code:
    openssl genrsa -des3 -out www.mydomain.key 2048
    openssl req -new -key www.mydomain.key -out www.mydomain.csr
    
    where my virtual host directive is:
    Code:
    NameVirtualHost 1.2.3.4:443
    <VirtualHost 1.2.3.4:443>
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/www.mydomain.com.csr
        #SSLCertificateFile /etc/apache2/ssl/www.mydomain.com.crt
        SSLCertificateKeyFile /etc/apache2/ssl/www.mydomain.com.key
        ...
    </VirtualHost>
    
    It seems somehow openssl is giving me a bogus cert, but these are the same steps I took on the last domain with static IP on this box. I double-checked I'm using a .csr not a .crt and the ssl files are in the right directory. Also, apache2ctl configtest doesn't catch the error until I enable the site and it crashes all the sites on the server :(
     
  2. Ben

    Ben Active Member Moderator

    But what should Apache do with the CSR? It is just a signing request for a certificate. After having created the cert and its key, you do not need the CSR anymore.

    This will also explain the error message you are referring to, as it is a signing request and not a certificate:
     
  3. unclecameron

    unclecameron New Member

    The crt issuer needs an FQDN csr before they issue a crt, so I can't get that far. This is just the csr part; the .crt line is commented out for that reason.
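
An added example, not written by anyone in this thread: a pre-flight check, following Ben's point that a .csr is a signing request and not a certificate, that reports what each active SSLCertificateFile directive in a vhost file points at before the site is enabled. The function names, sample file names and file contents are constructed for illustration, and only the PEM armor line is inspected, not the encoded body.

```shell
#!/bin/sh
# pem_kind FILE -> certificate | csr | private-key | unknown | missing
pem_kind() {
    [ -r "$1" ] || { echo missing; return 0; }
    # The first PEM armor line decides the type; the body is not parsed here.
    case "$(sed -n '/^-----BEGIN /{p;q;}' "$1")" in
        '-----BEGIN CERTIFICATE-----')             echo certificate ;;
        '-----BEGIN CERTIFICATE REQUEST-----')     echo csr ;;
        '-----BEGIN NEW CERTIFICATE REQUEST-----') echo csr ;;
        '-----BEGIN '*'PRIVATE KEY-----')          echo private-key ;;
        *)                                         echo unknown ;;
    esac
}

# check_vhost CONF: print "<path>: <kind>" for each active SSLCertificateFile
# directive; return 1 if any target is not a certificate.
check_vhost() {
    rc=0
    # Commented-out lines are skipped because their first field starts with '#'.
    # Assumption: paths are unquoted and contain no spaces.
    for f in $(awk 'tolower($1) == "sslcertificatefile" { print $2 }' "$1"); do
        kind=$(pem_kind "$f")
        echo "$f: $kind"
        [ "$kind" = certificate ] || rc=1
    done
    return "$rc"
}

# make_samples DIR: constructed stand-in files (armor lines only, no real DER).
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'CONSTRUCTED' \
        '-----END CERTIFICATE REQUEST-----' > "$1/www.example.csr"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED' \
        '-----END CERTIFICATE-----' > "$1/www.example.crt"
    printf '%s\n' '<VirtualHost 1.2.3.4:443>' 'SSLEngine on' \
        "SSLCertificateFile $1/www.example.csr" \
        "#SSLCertificateFile $1/www.example.crt" '</VirtualHost>' > "$1/bad.conf"
    printf '%s\n' '<VirtualHost 1.2.3.4:443>' 'SSLEngine on' \
        "SSLCertificateFile $1/www.example.crt" '</VirtualHost>' > "$1/good.conf"
}

dir=$(mktemp -d)
make_samples "$dir"
check_vhost "$dir/bad.conf"  || echo "bad.conf: do not enable this site"
check_vhost "$dir/good.conf" && echo "good.conf: certificate directive points at a certificate"
```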
     
