
I am pretty new to Linux and am attempting to configure an SSL from Go Daddy. I followed the instructions on how to generate the key to send to Go Daddy for the cert. Here is the guide I followed: http://support.godaddy.com/help/article/5269/generating-a-certificate-signing-request-csr-apache-2x?pc_split_value=1

For the password I just hit enter at the prompt and did not specify any password. They issued the cert and I have set up a virtual host on my apache2 server. I enabled modSSL with apache. This is the log I get when I restarted apache:

[Fri Aug 24 02:32:37 2012] [notice] Apache/2.2.17 (Ubuntu) PHP/5.3.5-1ubuntu7.10 with Suhosin-Patch mod_ssl/2.2.17 OpenSSL/0.9.8o configured -- resuming normal operations

I set up the following virtual host information (private details omitted for security):

<VirtualHost IP_ADDRESS_HERE:443>
ServerAdmin MY_EMAIL
ServerName WWW_SERVER_NAME_COM
DocumentRoot PATH_TO_HTDOCS
<Directory />
    Options FollowSymLinks
    AllowOverride All
</Directory>

ErrorLog PATH_TO_LOGS/error.log
CustomLog PATH_TO_LOGS/access.log combined
SSLEngine on
SSLCertificateFile PATH_TO_SSL/MY_SITE_NAME.com.crt
SSLCertificateKeyFile PATH_TO_SSL/MY_SITE_NAME.csr
SSLCertificateChainFile PATH_TO_SSL/gd_bundle.crt
</VirtualHost>

When I go to restart apache after I added those details to my virtual host I receive the following error message in my error log:

[Fri Aug 24 02:23:55 2012] [error] Init: Private key not found
[Fri Aug 24 02:23:55 2012] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Fri Aug 24 02:23:55 2012] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Aug 24 02:23:55 2012] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Fri Aug 24 02:23:55 2012] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
[Fri Aug 24 02:28:02 2012] [error] Init: Private key not found
[Fri Aug 24 02:28:02 2012] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Fri Aug 24 02:28:02 2012] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Aug 24 02:28:02 2012] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Fri Aug 24 02:28:02 2012] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib

I'm new to using SSL with apache so any help would be greatly appreciated. I have done a good bit of Googling and have attempted to follow what's out there best I could but I am hoping that a seasoned expert can spot a noob mistake.

If I remove the SSL info I can view the site from MY_SITE:443 so the port is open and apache is listening/serving.

  • When you downloaded the cert from GoDaddy, did you choose the correct format? I seem to remember that you can get the cert in various formats. – Bittrance Aug 24 '12 at 12:42
  • You can. I selected Apache though and it did work after following larsks' advice. I had the csr where the key should have been. After that it worked like a charm. – Chason Arthur Aug 26 '12 at 01:25

1 Answer

You haven't installed your private key. This...

SSLCertificateKeyFile PATH_TO_SSL/MY_SITE_NAME.csr

...is pointing at your Certificate Signing Request (CSR), which is basically a "pre-certificate" that has been signed with your private key. You send this to the SSL provider and they sign it with their private key, and now you have a certificate.

You generated your private key when you ran this command:

openssl req -new -newkey rsa:2048 -nodes \
  -keyout yourdomain.key -out yourdomain.csr

The -keyout option indicates that your key is in a file called yourdomain.key. This is what needs to be supplied to the SSLCertificateKeyFile option in your Apache configuration.

larsks
  • Dude you completely rock my world with the windows down! Thank you so very much for taking the time to help me. You single-handedly saved my weekend! It worked perfect. – Chason Arthur Aug 25 '12 at 11:53
  • I tried to give you an up-vote but my rep is too low. I accepted it and will give you a vote as soon as they let me. – Chason Arthur Aug 25 '12 at 11:54
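
The mix-up diagnosed in the answer above (a CSR named where the private key belongs) can be caught before restarting Apache by checking what each file named in the vhost actually contains. The script below is an added example, not part of the original question or answer; the function names `pem_kind`, `check_vhost` and `demo` are hypothetical, and the PEM files it inspects are constructed stubs that carry only header lines.

```shell
# Added example (not from the original post). Only PEM header lines are read;
# DER files and files without a BEGIN line are reported as "unknown".

# Print what kind of PEM object file $1 holds.
pem_kind() {
    [ -r "$1" ] || { echo missing; return 0; }
    hdr=$(sed -n '/^-----BEGIN /{p;q;}' "$1")
    case "$hdr" in
        *'CERTIFICATE REQUEST-----') echo csr ;;
        *'PRIVATE KEY-----')         echo private-key ;;
        *'CERTIFICATE-----')         echo certificate ;;
        *)                           echo unknown ;;
    esac
}

# Report each mod_ssl file directive in config $1 whose target is the wrong
# kind of object; return 1 if any mismatch was found.
check_vhost() {
    rc=0
    while read -r directive path rest; do
        case "$directive" in
            SSLCertificateKeyFile) want=private-key ;;
            SSLCertificateFile|SSLCertificateChainFile) want=certificate ;;
            *) continue ;;
        esac
        got=$(pem_kind "$path")
        [ "$got" = "$want" ] && continue
        echo "$directive ${path##*/}: expected $want, found $got"
        rc=1
    done < "$1"
    return "$rc"
}

# Constructed fixtures: stub PEM files plus a vhost whose key directive points
# at site.$1 ("csr" reproduces the question, "key" is the corrected config).
demo() {
    d=$(mktemp -d) || return 2
    for pair in "site.csr:CERTIFICATE REQUEST" "site.key:RSA PRIVATE KEY" \
                "site.crt:CERTIFICATE" "gd_bundle.crt:CERTIFICATE"; do
        printf '%s\n' "-----BEGIN ${pair#*:}-----" "constructed-placeholder" \
            "-----END ${pair#*:}-----" > "$d/${pair%%:*}"
    done
    printf '%s\n' "SSLEngine on" "SSLCertificateFile $d/site.crt" \
        "SSLCertificateKeyFile $d/site.$1" \
        "SSLCertificateChainFile $d/gd_bundle.crt" > "$d/vhost.conf"
    status=0; check_vhost "$d/vhost.conf" || status=$?
    rm -rf "$d"
    return "$status"
}

demo csr || true   # prints the mismatch for the misconfigured vhost
```

A header check only tells you the file is a private key; confirming that it is the key belonging to the issued certificate is a separate comparison of their public keys.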