Friday, December 07, 2012 12:28 AM
I have an issue at the moment involving Apache and a certificate issued from a Microsoft Internal CA. We have a new application that has a requirement for SSL and is Apache based. I have successfully generated a key file from Apache, as well as a corresponding CSR which I generated the certificate from.
However, when I attempt to use the certificate generated by the internal CA, the Apache service fails to start. Providing the following message:-
"Windows could not start the Apache 2.2 on local computer........... contact the vendor and refer to service-specific error code 1"
In the system event logs the following is recorded:-
"The Apache 2.2 Service terminted with service-specificed error incorrect function"
If I revert back to the self generated certificate, the service starts with no issue at all.
Has anyone got any idea what the issue could be?
Friday, December 07, 2012 6:13 AM
thank you for posting here.
If I am correct Tomcat is using the Java keystore and Apache has a key file and a certificate file on the file system.
So for Apache make sure that the certificate is in the base64 format. E.g. if you open the file with notepad or if you run a cat on linux the first line will start with ----- BEGIN CERTIFICATE -----.
If not you need to convert the file: openssl x509 -inform DER -in <cert.der> -outform PEM -out <cert.pem>
on Windows open the certificate again, click on the Detail tab and Copy to File. Make sure that you select the base64-encoded option.
Hope that helps,
Saturday, December 08, 2012 9:12 AM
Thanks for your response, I am using the Apache Key store and the certificate I generate from our internal CA is always exported as a base64 encoded certificate . The request I generate from the Apache Service is a CSR that begins with "--------BEGIN CERTIFICATE-------------" .
I am at a real lose as to why this isnt working as the certificate is valid and and the windows OS on the target server recognises that, but Apache isnt quite as happy.
Any other things I could try?
Monday, December 10, 2012 7:30 AMModerator
Thanks for posting in Microsoft TechNet forums.
I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
Thank you for your understanding and support.
Wednesday, December 12, 2012 9:29 AM
i'm not quite sure how Apache works with certificate. Here i'd like to provide following informaiton.
if it doesn't help, maybe we should confirm with Apache to check if there is some addtional requirements of certificate for Apache .
Best regards, Jason Mei Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Sunday, December 23, 2012 5:56 PMHi All, I found the answer to this issue and got apache to accept the new certificate. I generated a CSR from apache and submitted the request to our internal Microsoft CA. I requested the certificate against the web server template. Once approved I downloaded the certificate as a base64 and imported it on the target machine where apache was installed and where the CSR was generated from. I then exported the certificate as a base64 certificate. Once exported I renamed the file to .CRT from .CER and copied it to the SSL Cert folder within the apache directory. I stopped the Apache service and restarted it and the service now starts successfully with now errors. Thank you everyone for your help in this issue, much appreciated. Regards Hendy25
- Marked As Answer by Hendy25 Sunday, December 23, 2012 5:56 PM