| 1 |
On 11/27/2014 01:45 PM, siefke_listen@×××.de wrote: |
| 2 |
> Hello, |
| 3 |
> |
| 4 |
> has someone here running nginx with comodo ssl? I try it yet since few |
| 5 |
> hours but nginx say something what i can not understand. |
| 6 |
> |
| 7 |
> nginx -t |
| 8 |
> nginx: [emerg] SSL_CTX_use_PrivateKey_file("/var/www/de/etc/ssl/de.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch) |
| 9 |
> nginx: configuration file /etc/nginx/nginx.conf test failed |
| 10 |
> |
| 11 |
> I become from comodo a zip with a bundle file and the crt file. |
| 12 |
> |
| 13 |
> # ssl |
| 14 |
> ssl_certificate /var/www/de/etc/ssl/de.ca-bundle; |
| 15 |
> ssl_certificate_key /var/www/de/etc/ssl/de.key; |
| 16 |
> ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
| 17 |
> ssl_ciphers 'AES256+EECDH:AES256+EDH'; |
| 18 |
> ssl_prefer_server_ciphers on; |
| 19 |
> |
| 20 |
> But want not work. Check run with the error message missmatch. Has someone |
| 21 |
> expierence here? |
| 22 |
> |
| 23 |
|
| 24 |
The CA bundle isn't your "ssl_certificate", the *.crt file is. But you |
| 25 |
probably need to concatenate them together before all browsers will |
| 26 |
accept the cert as valid. See: |
| 27 |
|
| 28 |
http://nginx.org/en/docs/http/configuring_https_servers.html |
| 29 |
|
| 30 |
I suspect you need to do, |
| 31 |
|
| 32 |
$ cat *.crt de.ca-bundle > chained.crt |
| 33 |
|
| 34 |
and then set, |
| 35 |
|
| 36 |
ssl_certificate /var/www/de/etc/ssl/chained.crt; |
| 37 |
|
| 38 |
Note: the order matters in the arguments for `cat` above. |
Archives