Help! pem_read_bio: bad end line

[satang]

2004-07-27 17:41:50.185 [ERROR] [SSL] Config SSL Context for listener 210.54.92.188:443 with Certificate File: /mv/
ssl/www.bnz.marketview.co.nz.reply and Key File:/mv/ssl/www.bnz.marketview.co.nz get SSL error: error:0906D066EM
routinesEM_read_bio:bad end line

I've just stuck my SSL certificate that Apache was using; it looks like this:

-----BEGIN CERTIFICATE-----
MIIDHj...
....==

Nevermind, I fixed it by adding to the end of the cert:
-----END CERTIFICATE-----

For some reason, Apache (w/OpenSSL 0.9.7d) tolerated this but LiteSpeed didn't.

 

[mistwang]

The error message is emited by OpenSSL library, LSWS is just the messenger. ;-)

Apache probably use their own wrapper function to load certificate and key files.

 

[satang]

one more thing...

errors that happen inside the OpenSSL libraries seem to give me this sort of thing:

2004-07-30 15:49:17.178 [DEBUG] Created new Listener [*:7080].
2004-07-30 15:49:17.178 [DEBUG] Created new Listener [*:80].
2004-07-30 15:49:17.178 [DEBUG] Created new Listener [192.168.1.29:443].
2004-07-30 15:49:17.178 [DEBUG] [SSL] Create SSL context for listener 192.168.1.29:443 with Certificate file: /mv/ssl/bnz-dev.private.marketview.co.nz.crt and Key File: /mv/app/dev/bnz/conf/priv.key.
2004-07-30 15:49:17.181 [ERROR] [SSL] Config SSL Context for listener 192.168.1.29:443 with Certificate File: /mv/ssl/bnz-dev.private.marketview.co.nz.crt and Key File:/mv/app/dev/bnz/conf/priv.key get SSL error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mis
2004-07-30 15:49:17.185 [NOTICE] [AutoRestarter] child process with pid=20552 received signal=11, a core file is created!
2004-07-30 15:49:17.185 [NOTICE] [AutoRestarter] stop children processes and remove created unix sockets!
2004-07-30 15:49:17.293 [WARN] [AutoRestarter] forking too frequently, suspend for a while!

This means that when you restart the web server after changing the SSL configuration, you can be left with nothing but a "connection refused" message! Much better just to disable the listener with the fault...

Maybe you should link to a guide to making these keys from that dialog? Most users will find this tricky.

 

[mistwang]

Look like it caused by private key, certificate mismatch.
The core dump should be fixed.

Maybe you should link to a guide to making these keys from that dialog? Most users will find this tricky.

Yes, we plan to add self signed certificate generation and private key, certificate verification in the web interface.