Help! pem_read_bio: bad end line

Discussion in 'Install/Configuration' started by satang, Jul 27, 2004.

  1. satang

    satang New Member

    2004-07-27 17:41:50.185 [ERROR] [SSL] Config SSL Context for listener 210.54.92.188:443 with Certificate File: /mv/
    ssl/www.bnz.marketview.co.nz.reply and Key File:/mv/ssl/www.bnz.marketview.co.nz get SSL error: error:0906D066:pEM
    routines:pEM_read_bio:bad end line

    I've just stuck my SSL certificate that Apache was using; it looks like this:

    -----BEGIN CERTIFICATE-----
    MIIDHj...
    ....==

    Nevermind, I fixed it by adding to the end of the cert:
    -----END CERTIFICATE-----

    For some reason, Apache (w/OpenSSL 0.9.7d) tolerated this but LiteSpeed didn't.
  2. mistwang

    mistwang LiteSpeed Staff

    The error message is emited by OpenSSL library, LSWS is just the messenger. ;-)

    Apache probably use their own wrapper function to load certificate and key files.
  3. satang

    satang New Member

    one more thing...

    errors that happen inside the OpenSSL libraries seem to give me this sort of thing:

    Code:
    2004-07-30 15:49:17.178 [DEBUG] Created new Listener [*:7080].
    2004-07-30 15:49:17.178 [DEBUG] Created new Listener [*:80].
    2004-07-30 15:49:17.178 [DEBUG] Created new Listener [192.168.1.29:443].
    2004-07-30 15:49:17.178 [DEBUG] [SSL] Create SSL context for listener 192.168.1.29:443 with Certificate file: /mv/ssl/bnz-dev.private.marketview.co.nz.crt and Key File: /mv/app/dev/bnz/conf/priv.key.
    2004-07-30 15:49:17.181 [ERROR] [SSL] Config SSL Context for listener 192.168.1.29:443 with Certificate File: /mv/ssl/bnz-dev.private.marketview.co.nz.crt and Key File:/mv/app/dev/bnz/conf/priv.key get SSL error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mis
    2004-07-30 15:49:17.185 [NOTICE] [AutoRestarter] child process with pid=20552 received signal=11, a core file is created!
    2004-07-30 15:49:17.185 [NOTICE] [AutoRestarter] stop children processes and remove created unix sockets!
    2004-07-30 15:49:17.293 [WARN] [AutoRestarter] forking too frequently, suspend for a while!
    
    This means that when you restart the web server after changing the SSL configuration, you can be left with nothing but a "connection refused" message! Much better just to disable the listener with the fault...

    Maybe you should link to a guide to making these keys from that dialog? Most users will find this tricky.
  4. mistwang

    mistwang LiteSpeed Staff

    Look like it caused by private key, certificate mismatch.
    The core dump should be fixed.
    Yes, we plan to add self signed certificate generation and private key, certificate verification in the web interface. :)

Share This Page