Problem with replacing AVS 3120 cert with Verisign

Unanswered Question
Feb 28th, 2007

I'm having some issues related to replacing the server.crt on the AVS 3120 with a cert from Verisign. I am running version 6.0. I have the cert in a PFX format. I know this cert is good because I have installed it on another machine with no problems. I used the openSSL pkcs12 utility to decrypt the PFX into a private key file and a cert.

openssl pkcs12 -in truck.pfx -nocerts -out truckkey.pem

openssl pkcs12 -in truck.pfx -clcerts -nokeys -out truckcert.pem

Both files are readable. I copied and renamed these files to server.key and server.crt in the /usr/avs/perfnode/node_manager/conf/ssl.crt/ directory and bounced the service ./fgnnmctl. (I even rebooted.) Once I rebooted, I could no longer manage the 3120 from the 3180 management console. Just for sanity, I swapped out the Verisign cert and put the original cert back in. Everything works. So it is related to the cert. The docs say you do not have to import a cert into the 3180 management console if it comes from Verisign. I tried that anyway - and the 3180 complains that it is not X.509 compliant. Here is an error_log from the 3120 in /usr/avs/perfnode/node_manager/logs which I am sure is the root of the problem:

Feb 28 15:13:57 AVS-3120-DC-1 nmgr[775]: [error] mod_ssl: Init: (localhost:9090)

Unable to configure RSA server private key (OpenSSL library error follows)

Feb 28 15:13:57 AVS-3120-DC-1 nmgr[775]: [error] OpenSSL: error:0B080074:x509 ce

rtificate routines:X509_check_private_key:key values mismatch

I get this error just starting the service ./fgnnmctl start

Has anyone seen this or can advise? Thanks.

Note: I just found that the key file should be stored in the /usr/avs/perfnode/node_manager/conf/ssl.key/ directory.

Once I moved it there, "./fgnnmctl start" worked, but it prompted me for the passphrase. Now when I reboot, the Starting fgnpn: service is waiting....probably for the passphrase to be responded to - which I can't do.

Any ideas?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion