Recently when installing a second SSL certificate for a secondary IP address on a Linux server running Litespeed as the web server I received the below error. The error at first made me think that maybe the key file still required a password even though I knew I had generated the key file not requiring a pass phrase. The error below will show up in your error.log file located in /var/lsws/logs/error.log.
Litespeed Log File Error:
2009-07-08 01:19:48.729 [ERROR] [SSL] Config SSL Context for listener 192.168.0.100:443 with Certificate File: /var/lsws/conf/cert/secondary.crt and Key File:/var/lsws/conf/cert/secondary.key get SSL error: error:0906D06C:PEM routines:PEM_read_bio:no start line
In Litespeed the SSL configuration falls underneath the Listeners drop down item which can be located below Configuration. Once you make this selection you will see a list of the listeners or IP Address/Port combinations that Litespeed is listening to. I had the basic SSL configuration which is to assign port 443, tag the Secure radial button, put in the full path to the SSL key file, put in the full path to the SSL certificate file, and check the SSL versions to allow below.
Error Resolution:
After troubleshooting for awhile I finally figured out that this error was caused by one corrupt character at the beginning of the .crt file. So if you run across this error in the scenario I describe above the chances are that you have an extra space, an extra character, an extra line, etc. in either the SSL Certificate file (.crt) or the SSL key file (.key).
Thanks for posting – saved my half an hour of head-scratching!
Hello Geoff,
No problem. Glad it saved you some time.
Thanks.
alex