Nginx SSL Certificate failed SSL: error:0B080074:x509 (Google Cloud)
Nginx SSL Certificate failed SSL: error:0B080074:x509 (Google Cloud)
我的服务器托管在 Bluehost (Apache) 中,证书运行良好。现在,我使用 Google Cloud 在不同端口上的 NodeJS 中使用 proxy_pass 的多个页面。我正在尝试配置 SSL,但遇到问题。我一直在寻找类似的问题,但它仍然显示相同的错误。我在 link
之后创建了密钥文件
/var/log/nginx/error.log:
2015/07/08 10:47:20 [emerg] 2950#0: SL_CTX_use_PrivateKey_file("/etc/nginx/ssl/domain_com/domain_com.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
当我打开控制台时:
openssl rsa -noout -modulus -in domain_com.key 告诉我这个:
Modulus=D484DD1......512 characters in total......5A8F3DEF999005F
openssl x509 -noout -modulus -in ssl-bundle.crt:
Modulus=B1E3B0A.......512 characters in total......AFC79424BE139
这是我的 Nginx 设置:
server {
listen 443;
server_name www.domain.com;
ssl_certificate /etc/nginx/ssl/domain_com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/domain_com/domain_com.key;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/domain_com.access.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8086;
proxy_read_timeout 90;
proxy_redirect http://localhost:8086 https://www.domain.com;
}
}
如果连接顺序错误,可能会出现此问题。您尝试过:
cat www_example_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
这看起来是正确的,但串联通常需要消除从根 CA 的额外下载,因此 Nginx 的创建者 said:
Browsers usually store intermediate certificates which they receive
and which are signed by trusted authorities, so actively used browsers
may already have the required intermediate certificates and may not
complain about a certificate sent without a chained bundle.
The official docs 明确表示:
If the server certificate and the bundle have been concatenated in
the wrong order, nginx will fail to start and will display the error
message:
SSL_CTX_use_PrivateKey_file(" ... /www.example.com.key") failed
(SSL: error:0B080074:x509 certificate routines:
X509_check_private_key:key values mismatch)
because nginx has tried to use the private key with the bundle’s first
certificate instead of the server certificate.
所以要解决问题请尝试:
附加 www_example_com.crt 到 ssl_certificate Nginx 配置密钥
从 official web page 下载最新的 Comodo CA 证书 SHA2,然后再尝试一次连接包
我的服务器托管在 Bluehost (Apache) 中,证书运行良好。现在,我使用 Google Cloud 在不同端口上的 NodeJS 中使用 proxy_pass 的多个页面。我正在尝试配置 SSL,但遇到问题。我一直在寻找类似的问题,但它仍然显示相同的错误。我在 link
/var/log/nginx/error.log:
2015/07/08 10:47:20 [emerg] 2950#0: SL_CTX_use_PrivateKey_file("/etc/nginx/ssl/domain_com/domain_com.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
当我打开控制台时:
openssl rsa -noout -modulus -in domain_com.key 告诉我这个:
Modulus=D484DD1......512 characters in total......5A8F3DEF999005F
openssl x509 -noout -modulus -in ssl-bundle.crt:
Modulus=B1E3B0A.......512 characters in total......AFC79424BE139
这是我的 Nginx 设置:
server {
listen 443;
server_name www.domain.com;
ssl_certificate /etc/nginx/ssl/domain_com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/domain_com/domain_com.key;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/domain_com.access.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8086;
proxy_read_timeout 90;
proxy_redirect http://localhost:8086 https://www.domain.com;
}
}
如果连接顺序错误,可能会出现此问题。您尝试过:
cat www_example_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
这看起来是正确的,但串联通常需要消除从根 CA 的额外下载,因此 Nginx 的创建者 said:
Browsers usually store intermediate certificates which they receive and which are signed by trusted authorities, so actively used browsers may already have the required intermediate certificates and may not complain about a certificate sent without a chained bundle.
The official docs 明确表示:
If the server certificate and the bundle have been concatenated in the wrong order, nginx will fail to start and will display the error message:
SSL_CTX_use_PrivateKey_file(" ... /www.example.com.key") failed (SSL: error:0B080074:x509 certificate routines: X509_check_private_key:key values mismatch)because nginx has tried to use the private key with the bundle’s first certificate instead of the server certificate.
所以要解决问题请尝试:
附加 www_example_com.crt 到 ssl_certificate Nginx 配置密钥
从 official web page 下载最新的 Comodo CA 证书 SHA2,然后再尝试一次连接包