Apache TomCat fails to start with Certificate Issued from a Microsoft CA

  • Friday, December 07, 2012 12:28 AM
     
     

    Hi All,

    I have an issue at the moment involving Apache and a certificate issued from a Microsoft Internal CA. We have a new application that has a requirement for SSL and is Apache based. I have successfully generated a key file from Apache, as well as a corresponding CSR which I generated the certificate from.

    However, when I attempt to use the certificate generated by the internal CA, the Apache service fails to start, providing the following message:

    "Windows could not start the Apache 2.2 on local computer........... contact the vendor and refer to service-specific error code 1"

    In the system event logs the following is recorded:-

    "The Apache 2.2 Service terminated with service-specific error incorrect function"

    If I revert back to the self generated certificate, the service starts with no issue at all.

    Has anyone got any idea what the issue could be?

    
    
    
    
    

All Replies

  • Friday, December 07, 2012 6:13 AM
     
     

    Hi,

    thank you for posting here.

    If I am correct Tomcat is using the Java keystore and Apache has a key file and a certificate file on the file system.

    So for Apache make sure that the certificate is in the base64 format. E.g. if you open the file with Notepad, or if you run a cat on Linux, the first line will start with ----- BEGIN CERTIFICATE -----.

    If not you need to convert the file: openssl x509 -inform DER -in <cert.der> -outform PEM -out <cert.pem>

    OR

    on Windows open the certificate again, click on the Detail tab and Copy to File. Make sure that you select the base64-encoded option.

    Hope that helps,

    Lutz
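
Added example (not part of the original reply, and not code from Apache or Microsoft): a pre-flight check that reports whether a file is a base64 (PEM) certificate, a PEM certificate request, or binary DER, and converts DER to PEM as the openssl command in the reply above does. The names `classify` and `to_pem` are hypothetical, the sample bytes are constructed placeholders rather than a real certificate, and the DER test is a first-byte heuristic.

```python
import re
import ssl

# Matches one PEM block and captures its label, e.g. "CERTIFICATE".
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)
CSR_LABELS = {"CERTIFICATE REQUEST", "NEW CERTIFICATE REQUEST"}


def classify(data: bytes) -> str:
    """Return 'pem-certificate', 'pem-csr', 'pem-other', 'der' or 'unknown'."""
    match = PEM_BLOCK.search(data.decode("ascii", errors="ignore"))
    if match:
        label = match.group(1)
        if label == "CERTIFICATE":
            return "pem-certificate"
        return "pem-csr" if label in CSR_LABELS else "pem-other"
    # DER is binary ASN.1; a certificate is a SEQUENCE, so byte 0 is 0x30.
    # Heuristic only: other DER objects (keys, PKCS#7) also start with 0x30.
    return "der" if data[:1] == b"\x30" else "unknown"


def to_pem(data: bytes) -> str:
    """Return a PEM certificate, converting from DER when necessary."""
    kind = classify(data)
    if kind == "pem-certificate":
        # Keep only the certificate block; drop any text around it.
        text = data.decode("ascii", errors="ignore")
        return PEM_BLOCK.search(text).group(0) + "\n"
    if kind == "der":
        # Base64 re-encoding with PEM header and footer, the output format of
        # openssl x509 -inform DER -outform PEM (no ASN.1 validation here).
        return ssl.DER_cert_to_PEM_cert(data)
    raise ValueError(f"not a certificate file (detected: {kind})")


# Constructed placeholder bytes shaped like a DER header, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(32))
# Constructed certificate request block with a dummy body.
SAMPLE_CSR = (b"-----BEGIN CERTIFICATE REQUEST-----\nTUlJ\n"
              b"-----END CERTIFICATE REQUEST-----\n")

if __name__ == "__main__":
    for name, blob in [("sample DER", SAMPLE_DER), ("sample CSR", SAMPLE_CSR)]:
        print(name, "->", classify(blob))
    print(to_pem(SAMPLE_DER))
```

A result of `pem-csr` means the file is the request rather than the issued certificate, which `to_pem` rejects with a `ValueError`.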

  • Saturday, December 08, 2012 9:12 AM
     
     

    Hi

    Thanks for your response. I am using the Apache key store, and the certificate I generate from our internal CA is always exported as a base64-encoded certificate. The request I generate from the Apache Service is a CSR that begins with "--------BEGIN CERTIFICATE-------------".

    I am at a real loss as to why this isn't working, as the certificate is valid and the Windows OS on the target server recognises that, but Apache isn't quite as happy.

    Any other things I could try?

  • Monday, December 10, 2012 7:30 AM
    Moderator
     
     

    Hi,

    Thanks for posting in Microsoft TechNet forums.

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Thank you for your understanding and support.

    Regards

    Kevin

    TechNet Subscriber Support


     
  • Wednesday, December 12, 2012 9:29 AM
     
     Answered

    Hi,

    I'm not quite sure how Apache works with certificates. Here I'd like to provide the following information.

    http://httpd.apache.org/docs/2.2/glossary.html

    http://httpd.apache.org/docs/2.2/mod/mod_ssl.html

    If it doesn't help, maybe we should confirm with Apache to check if there are some additional certificate requirements for Apache.


    Best regards, Jason Mei

  • Sunday, December 23, 2012 5:56 PM
     
     Answered
    Hi All,

    I found the answer to this issue and got Apache to accept the new certificate.

    I generated a CSR from Apache and submitted the request to our internal Microsoft CA. I requested the certificate against the web server template. Once approved, I downloaded the certificate as a base64 and imported it on the target machine where Apache was installed and where the CSR was generated from. I then exported the certificate as a base64 certificate. Once exported, I renamed the file to .CRT from .CER and copied it to the SSL Cert folder within the Apache directory. I stopped the Apache service and restarted it, and the service now starts successfully with no errors.

    Thank you everyone for your help in this issue, much appreciated.

    Regards

    Hendy25
    • Marked As Answer by Hendy25 Sunday, December 23, 2012 5:56 PM