DeveloperSide.NET Forums
February 24, 2020, 10:52:20 AM *
Welcome, Guest. Please login or register.

Login with username, password and session length
  Home Help Search Login Register  
  Show Posts
Pages: [1]
1  DeveloperSide.NET / Building a Web Server, for Linux / SSL: The provided certificate does not match the private key on: July 29, 2004, 03:01:54 AM
Have you tried setting LogLevel to "debug" and looking at error_log?

Tried that suggestion, and I only got this tantalizing tidbit in the error logs:

Invalid certificates for main site -- Not starting SSL
Site site155 has invalid certificate: 4999 The provided certificate does not match the private key.

Have you installed everything from RPMs or did you do your own builds?

Apache was already installed using RPMs when I came on but everything else I built from source.  Perhaps something broke when I uninstalled the openssl RPMs to do a custom build.

[]$ rpm -qa | grep apache

Just from a quick glance, I would try to rule out that you have all the config files updated with all the new paths for certs, locations of binaries and libs, etc...

I've sifted through the config files pretty thoroughly and everything is as it should be.  I'll look again though... you can't go through config files too many times...

And you can 'ldd httpd' (under that dir) to see which openssl libs it is linking against.

Here's what I get when I ldd httpd.  I've never used it before but I assume I'm using it correctly?

[]$ ldd /usr/sbin/httpd => /lib/ (0x40019000) => /lib/ (0x40021000) => /lib/ (0x40025000) => /lib/ (0x40042000) => /lib/ (0x40071000) => /lib/ (0x400ab000) => /usr/lib/ (0x400c1000) => /lib/ (0x400c7000)
        /lib/ => /lib/ (0x40000000)

You might also try running 'ldconfig' to update the run-time linker.

Did this, but there was no effect.

I'm starting to think that maybe I was a bit too hasty in taking out those openssl rpms to build my own.  I guess I could try to reinstall them that way...
Or how would I go about getting the same result without using rpms... I'd like to avoid them if at all possible, but it doesn't seem to be taking to the builds too well.
Thanks for your response!  I think I've made some headway..
2  DeveloperSide.NET / Building a Web Server, for Linux / SSL: The provided certificate does not match the private key on: July 28, 2004, 10:21:54 PM

I keep getting an error message regarding an invalid certificate whenever I start apache... The thing is, it was working perfectly last week.
So here's roughly the chain of events that took place up until present time.

- Bought a valid certificate

- Installed the cert onto the server

- Had an encrypted and non-encrypted version of the key

- Used the encrypted version first, but then realized that apache wouldn't start without the password so I switched to the non-encrypted key.

- SSL worked perfectly for a time

- I upgraded our php

- Then I had to install curl for use with php

- Curl needed a newer version of openssl than the one we were using so I decided to take the opportunity to upgrade the openssl software too.

- It was around this time that I noticed our https site was now refusing connections

- I tried the password protected key now and found that I was suddenly getting a "encrypted keys are not allowed on cobalt servers" type error, where before when I was using the encrypted key it was working fine, but merely asked for the key password before apache would start.

- So then I tried using a number of backup copies of the key/certificate with similar "invalid certificate" results.

- I tried using self signed certificates, both manually generated and generated by the cobalt server management system. Both gave me the "4999 The provided certificate does not match the private key" error.

- I tried downgrading our openssl software, but to no avail.

- I tried downloading the sources to apache_1.3.20 and mod_ssl-2.8.4-1.3.20, patched the apache source tree with the mod_ssl, built the apache with mod_ssl as a DSO, grabbed the new file and replaced the existing being used by apache with this new one. This didn't work either.

Here's the error when I start apache (The apache error log gives the same error):

$ /etc/rc.d/init.d/httpd start
Setting up Web Service: Site site155 has invalid certificate: 4999 The provided certificate does not match the private key.
chiliasp: module started, version

Software Versions:
the machine is a cobalt raq4
Apache 1.3.20
Openssl 0.9.7d xor 0.9.6j
mod_ssl unsure. probably mod_ssl-2.8.4-1.3.20

The key and certificate are at

I double checked that these are being read by deleting them, restarting apache, noting the error, replacing them with backups, restarting apache, and noting the different error

Anybody know what's going on here? Did I screw up the mod_ssl by installing a new version of openssl?
Pages: [1]
Powered by MySQL Powered by PHP Powered by SMF 1.1.9 | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!