最新消息:20190717 VPS服务器:Vultr新加坡,WordPress主题:大前端D8,统一介绍入口:关于

【已解决】nginx的ssl证书报错:emerg SSL_CTX_use_PrivateKey key failed SSL error 0B080074 x509 certificate routines X509_check_private_key key values mismatch

key crifan 139浏览 0评论
折腾:
【未解决】Ubuntu部署已有Django项目
期间,nginx中配置:
server {
    listen  80;
    server_name asmp.xxx.com;
    client_max_body_size 50m;


    listen 443;
    ssl on;
    ssl_certificate /root/xxx/chained.pem;
    ssl_certificate_key /root/xxx/xxx-ssl/2_asmp.xxx.com.key;


    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /root/xxx/xxx-ssl/1_asmp.xxx.com_bundle.crt;
...
结果
# nginx -s reload
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/xxx.conf:7
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/xxx.conf:7
nginx: [emerg] SSL_CTX_use_PrivateKey("/root/xxx/xxx-ssl/2_
asmp.xxx.com.key
") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
结果报错
nginx: [emerg] SSL_CTX_use_PrivateKey key failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx – SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch – Stack Overflow
ssl – What does “SSL_CTX_use_PrivateKey_file” “problems getting password error” indicate in Nginx error log? – Stack Overflow
好像针对于pem,用openssl去重新生成对应格式pem即可?
Nginx SSL Certificate failed SSL: error:0B080074:x509 (Google Cloud) – Stack Overflow
Nginx SSL: error:0B080074:x509 certificate routines: X509_check_private_key
好像是应该改为:
ssl_certificate /path/to/nginx_bundle.crt;
ssl_certificate_key /path/to/your.key;
此处是:
ssl_certificate /root/xxx/xxx-ssl/1_
asmp.xxx.com_bundle.crt;
ssl_certificate_key /root/xxx/xxx-ssl/2_
asmp.xxx.com.key;
或许就可以了?
nginx reload报错SSL: error:0B080074:x509-博乐檬-51CTO博客
Nginx ssl/https 配置-每天进步一点-51CTO博客
  ssl_certificate /var/www/sslkey/cacert.pem;
  ssl_certificate_key /var/www/sslkey/privkey.pem;
Solved – SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch | The FreeBSD Forums
Nginx 配置安装 SSL 证书与配置在线代理 | 星尘独奏曲
那先去搞清楚:
对于之前的两个文件
1_asmp.xxx.com_bundle.crt
2_asmp.xxx.com.key
好像是阿里云中拿到的,针对于nginx的。
要搞清楚如何使用。
以及参考别人的配置中的
ssl_trusted_certificate
是用用来干啥的,是不是此处可以去掉的?
之前配置都没用到:ssl_trusted_certificate
nginx https ssl_trusted_certificate
nginx配置Let’s Encrypt证书 – SegmentFault 思否
“ssl_trusted_certificate,包含PEM格式的可信CA证书列表(顺序是子证书在上、父证书在下),用于在开启ssl_stapling时验证客户端证书和OCSP Response.”
或许此处不开启 OCSP之类的stamping的东西,就不需要了
Nginx下配置高性能,高安全性的https TLS服务 – Tech Ideas
Module ngx_http_ssl_module
http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate
“Syntax:
ssl_trusted_certificate file;
Default:
Context:
http, server
This directive appeared in version 1.3.7.
Specifies a file with trusted CA certificates in the PEM format used to verify client certificates and OCSP responses if ssl_stapling is enabled.
In contrast to the certificate set by ssl_client_certificate, the list of these certificates will not be sent to clients.”
改成:
    listen 443;
    ssl on;
    # ssl_certificate /root/xxx/chained.pem;
    ssl_certificate 1_asmp.xxx.com_bundle.crt;
    ssl_certificate_key /root/xxx/xxx-ssl/2_asmp.xxx.com.key;


    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;


    # ssl_stapling on;
    # ssl_stapling_verify on;
    # ssl_trusted_certificate /root/xxx/xxx-ssl/1_asmp.xxx.com_bundle.crt;
结果:
# nginx -s reload  
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/xxx.conf:7
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/xxx.conf:7
貌似没问题了。

转载请注明:在路上 » 【已解决】nginx的ssl证书报错:emerg SSL_CTX_use_PrivateKey key failed SSL error 0B080074 x509 certificate routines X509_check_private_key key values mismatch

发表我的评论
取消评论

表情

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址
16 queries in 0.081 seconds, using 9.46MB memory