public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] nginx ssl
@ 2014-11-27 18:45 siefke_listen
  2014-11-27 22:05 ` Michael Orlitzky
  0 siblings, 1 reply; 2+ messages in thread
From: siefke_listen @ 2014-11-27 18:45 UTC
  To: gentoo-user

Hello,

Is someone here running nginx with Comodo SSL? I have been trying it for a few
hours, but nginx says something that I cannot understand.

nginx -t
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/var/www/de/etc/ssl/de.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: configuration file /etc/nginx/nginx.conf test failed

I received a zip from Comodo with a bundle file and the crt file.

# ssl
ssl_certificate /var/www/de/etc/ssl/de.ca-bundle;
ssl_certificate_key /var/www/de/etc/ssl/de.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;

But it does not work. The check run gives the mismatch error message. Does
someone have experience here?


Thank you & Nice day

Silvio



* Re: [gentoo-user] nginx ssl
  2014-11-27 18:45 [gentoo-user] nginx ssl siefke_listen
@ 2014-11-27 22:05 ` Michael Orlitzky
  0 siblings, 0 replies; 2+ messages in thread
From: Michael Orlitzky @ 2014-11-27 22:05 UTC
  To: gentoo-user

On 11/27/2014 01:45 PM, siefke_listen@web.de wrote:
> Hello,
> 
> Is someone here running nginx with Comodo SSL? I have been trying it for a few
> hours, but nginx says something that I cannot understand.
> 
> nginx -t
> nginx: [emerg] SSL_CTX_use_PrivateKey_file("/var/www/de/etc/ssl/de.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
> nginx: configuration file /etc/nginx/nginx.conf test failed
> 
> I received a zip from Comodo with a bundle file and the crt file.
> 
> # ssl
> ssl_certificate /var/www/de/etc/ssl/de.ca-bundle;
> ssl_certificate_key /var/www/de/etc/ssl/de.key;
> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
> ssl_ciphers 'AES256+EECDH:AES256+EDH';
> ssl_prefer_server_ciphers on;
> 
> But it does not work. The check run gives the mismatch error message. Does
> someone have experience here?
> 

The CA bundle isn't your "ssl_certificate", the *.crt file is. But you
probably need to concatenate them together before all browsers will
accept the cert as valid. See:

  http://nginx.org/en/docs/http/configuring_https_servers.html

I suspect you need to do,

  $ cat *.crt de.ca-bundle > chained.crt

and then set,

  ssl_certificate /var/www/de/etc/ssl/chained.crt;

Note: the order matters in the arguments for `cat` above.
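
Added example, not part of either message above: a way to check which PEM file
actually belongs to de.key before pointing ssl_certificate at it, and to see why
the order given to `cat` matters. The helper function names are hypothetical, and
the CA, key and certificates are constructed test data generated in a temp
directory; only the file names are taken from the thread.

```shell
#!/bin/sh
# Added example: file names mirror the thread; all keys/certs are throwaway test data.

# PEM public key of the FIRST certificate in a file (the one nginx pairs with the key).
first_cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# PEM public key derived from a private key file.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Succeeds only if the first certificate in $1 belongs to private key $2.
# Unreadable input is a failure (status 2), never a match.
cert_matches_key() {
    c=$(first_cert_pubkey "$1") && k=$(key_pubkey "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Build a constructed CA (stand-in for de.ca-bundle) and server cert/key in dir $1,
# then a chain in the order from the reply (server cert first) and a reversed one.
make_fixture() (
    cd "$1" || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out de.ca-bundle \
        -subj "/CN=Constructed Test CA" -days 2 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -keyout de.key -out de.csr \
        -subj "/CN=www.example.test" 2>/dev/null &&
    openssl x509 -req -in de.csr -CA de.ca-bundle -CAkey ca.key -CAcreateserial \
        -out de.crt -days 2 2>/dev/null &&
    cat de.crt de.ca-bundle > chained.crt &&
    cat de.ca-bundle de.crt > reversed.crt
)

report() {
    if cert_matches_key "$1" "$2"; then echo "match     $1"; else echo "MISMATCH  $1"; fi
}

dir=$(mktemp -d) && make_fixture "$dir" &&
for f in de.ca-bundle de.crt chained.crt reversed.crt; do
    report "$dir/$f" "$dir/de.key"
done
rm -rf "$dir"
```

A file reported as MISMATCH here is one that would produce the "key values
mismatch" error from `nginx -t` if used as ssl_certificate with that key.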


