mod_ssl error during SSL installation

apache-2.2, mod-ssl, ssl-certificate

Server Environment
AWS EC2, Ubuntu 14.04LTS, LAMP

Port 443 is enabled in the security group. The server is listening on port 443.

I have purchased SSL from cheapsslsecurity.com and followed the following steps.

Step 1: Create a bundle

cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > PositiveSSL.ca-bundle

Step 2: Edit the site conf file

<VirtualHost *:443>

    ServerAdmin info@domain.com
    ServerName www.domain.com
    ServerAlias www.domain.com
    DocumentRoot /var/www/public_html/domaincom

    SSLEngine on
    SSLCertificateKeyFile ./ssls/server.key
    SSLCertificateFile ./ssls/STAR_domain_com.crt
    SSLCertificateChainFile ./ssls/PositiveSSL.ca-bundle

</VirtualHost>

Step 3: Restart the server

Then the following error appears:

[Sat Apr 23 10:50:14.668246 2016] [ssl:emerg] [pid 32733] AH02238: Unable to configure RSA server private key
[Sat Apr 23 10:50:14.668348 2016] [ssl:emerg] [pid 32733] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Sat Apr 23 10:50:14.668354 2016] [ssl:emerg] [pid 32733] AH02312: Fatal error initialising mod_ssl, exiting.

With respect to the above error, I did some research as follows:

  1. The same value comes out for both:

    openssl x509 -noout -in STAR_domain_com.crt | openssl md5

    openssl rsa -noout -in server.key | openssl md5

  2. Put the following line in /etc/apache2/sites-available/default-ssl.conf:

    SSLCertificateChainFile ./ssls/PositiveSSL.ca-bundle

  3. Many more things listed on www.google.com 🙁
    Each time I restart Apache, I get the same error.

Anything out there?

Best Answer

Use SSLCACertificateFile instead of SSLCertificateChainFile.

    SSLEngine on
    SSLCertificateKeyFile ./ssls/server.key
    SSLCertificateFile ./ssls/STAR_domain_com.crt
    SSLCACertificateFile ./ssls/PositiveSSL.ca-bundle

Also, be sure that they are in the correct directories accessible by Apache. You can also transfer your certificates to /etc/ssl/private to double check.
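
An added example, not part of the original question or answer: a key/certificate match check for the condition behind `X509_check_private_key:key values mismatch`. It uses `-modulus`, because `openssl x509 -noout` and `openssl rsa -noout` without it print nothing, so hashing their output compares two empty inputs. The file names and the throwaway keys are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: check that a private key and a certificate belong together,
# the condition behind "X509_check_private_key:key values mismatch".

# Print "Modulus=<hex>" for a certificate / an RSA private key.
# -modulus is required: with -noout alone openssl prints nothing, so piping
# that into "openssl md5" hashes empty input and always "matches".
cert_modulus() { openssl x509 -noout -modulus -in "$1" 2>/dev/null; }
key_modulus()  { openssl rsa  -noout -modulus -in "$1" 2>/dev/null; }

# key_matches_cert KEY CERT -> exit 0 if the moduli are equal, 1 otherwise.
# An unreadable file or an empty modulus counts as a mismatch.
key_matches_cert() {
    key_mod=$(key_modulus "$1") || return 1
    cert_mod=$(cert_modulus "$2") || return 1
    [ -n "$key_mod" ] && [ "$key_mod" = "$cert_mod" ]
}

# Build constructed sample files in DIR: server.key with a matching
# self-signed server.crt, plus an unrelated other.key (hypothetical names).
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    make_samples "$dir" || { rm -rf "$dir"; return 1; }
    for key in server.key other.key; do
        if key_matches_cert "$dir/$key" "$dir/server.crt"; then
            echo "$key: matches server.crt"
        else
            echo "$key: does NOT match server.crt"
        fi
    done
    rm -rf "$dir"
}

demo
```

Run against the real files, `key_matches_cert server.key STAR_domain_com.crt` exits non-zero when Apache would refuse the pair.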