On 11/27/2014 01:45 PM, siefke_listen@×××.de wrote:
> Hello,
>
> is someone here running nginx with comodo ssl? I have been trying it for a few
> hours, but nginx says something that I cannot understand.
>
> nginx -t
> nginx: [emerg] SSL_CTX_use_PrivateKey_file("/var/www/de/etc/ssl/de.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
> nginx: configuration file /etc/nginx/nginx.conf test failed
>
> I received from comodo a zip with a bundle file and the crt file.
>
> # ssl
> ssl_certificate /var/www/de/etc/ssl/de.ca-bundle;
> ssl_certificate_key /var/www/de/etc/ssl/de.key;
> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
> ssl_ciphers 'AES256+EECDH:AES256+EDH';
> ssl_prefer_server_ciphers on;
>
> But it will not work. The check runs with the mismatch error message. Does someone
> have experience here?
>

The CA bundle isn't your "ssl_certificate", the *.crt file is. But you
probably need to concatenate them together before all browsers will
accept the cert as valid. See:

http://nginx.org/en/docs/http/configuring_https_servers.html

I suspect you need to do,

  $ cat *.crt de.ca-bundle > chained.crt

and then set,

  ssl_certificate /var/www/de/etc/ssl/chained.crt;

Note: the order matters in the arguments for `cat` above.
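
Why the bundle triggers `key values mismatch` and why the `cat` order matters, as an added example that is not part of the original message: OpenSSL compares the private key with the first certificate in the `ssl_certificate` file. The script assumes the `openssl` command-line tool is installed; the function names, `wrong-order.crt`, and the throwaway CA and server certificate it generates are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). nginx hands the
# ssl_certificate file to OpenSSL, which compares the private key with the
# FIRST certificate in that file. A CA certificate in first position fails.

# Return 0 if the first certificate in PEM file $1 belongs to private key $2,
# 1 on mismatch, 2 if either file cannot be parsed.
first_cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Build a throwaway CA and server certificate in directory $1 (constructed
# sample data; the file names mirror the ones used in the post).
make_sample_files() {
    (
        cd "$1" || exit 1
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed Test CA" \
            -keyout ca.key -out de.ca-bundle 2>/dev/null
        openssl req -newkey rsa:2048 -nodes -subj "/CN=example.test" \
            -keyout de.key -out de.csr 2>/dev/null
        openssl x509 -req -in de.csr -CA de.ca-bundle -CAkey ca.key \
            -set_serial 1 -days 1 -out de.crt 2>/dev/null
        cat de.crt de.ca-bundle > chained.crt      # server cert first
        cat de.ca-bundle de.crt > wrong-order.crt  # CA first: key check fails
    )
}

# Print "match" or "mismatch" for certificate file $1 checked against key $2
# (an unreadable file is also reported as "mismatch").
describe() {
    if first_cert_matches_key "$1" "$2"; then
        echo "match"
    else
        echo "mismatch"
    fi
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
make_sample_files "$demo"
for f in de.ca-bundle wrong-order.crt de.crt chained.crt; do
    printf '%-16s %s\n' "$f" "$(describe "$demo/$f" "$demo/de.key")"
done
```

Running `first_cert_matches_key` against the real certificate file and key before `nginx -t` shows whether the file named in `ssl_certificate` starts with the server certificate.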