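My server is hosted at Bluehost (Apache), and the certificate works fine. Now I am using Google Cloud for multiple pages in NodeJS on different ports, using proxy_pass. I am trying to configure SSL, but I am running into problems. I have looked at similar questions, but it still shows the same error. I created the key file following the link.
/var/log/nginx/error.log:
2015/07/08 10:47:20 [emerg] 2950#0: SSL_CTX_use_PrivateKey_file("/etc/nginx/ssl/domain_com/domain_com.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
When I run this in the console:
openssl rsa -noout -modulus -in domain_com.key tells me this: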
Modulus=D484DD1......512 characters in total......5A8F3DEF999005F
openssl x509 -noout -modulus -in ssl-bundle.crt:
Modulus=B1E3B0A.......512 characters in total......AFC79424BE139
Here is my Nginx configuration:
server {
    listen 443;
    server_name www.domain.com;
    ssl_certificate /etc/nginx/ssl/domain_com/ssl-bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/domain_com/domain_com.key;
    ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/domain_com.access.log;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:8086;
        proxy_read_timeout 90;
        proxy_redirect http://localhost:8086 https://www.domain.com;
    }
}
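Solution:
This problem can occur if the concatenation order is wrong. You tried:
cat www_example_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
This looks correct, but concatenation usually requires removing the extra download from the root CA; as the Nginx creators said: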
browsers usually store intermediate certificates which they receive
and which are signed by trusted authorities, so actively used browsers
may already have the required intermediate certificates and may not
complain about a certificate sent without a chained bundle.
If the server certificate and the bundle have been concatenated in
the wrong order, Nginx will fail to start and will display the error
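message:
SSL_CTX_use_PrivateKey_file(" ... /www.example.com.key") failed
   (SSL: error:0B080074:x509 certificate routines:
    X509_check_private_key:key values mismatch)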
because Nginx has tried to use the private key with the bundle’s first
certificate instead of the server certificate.
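So to solve this problem, try:
- Attach www_example_com.crt to the ssl_certificate Nginx configuration key
- Download the latest Comodo CA certificates (SHA2) from the official web page and try concatenating the bundle again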
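
An added example, not part of the original question or answer: a shell function that reports which certificate in a bundle belongs to the private key, so a wrong concatenation order is caught before Nginx is started. It generalizes the modulus comparison above by comparing full public keys, which also covers EC keys; the function name is hypothetical and it assumes the openssl CLI and PEM-encoded files.

```shell
#!/bin/sh
# Usage: key_position_in_bundle KEY BUNDLE
# Prints the 1-based position of the certificate in BUNDLE whose public key
# matches the private key KEY (0 if none matches).
# Returns 0 only when that certificate is first in the file, which is what
# nginx expects of ssl_certificate; returns 1 otherwise, 3 on a bad key file.
key_position_in_bundle() (
    key=$1; bundle=$2
    # Public key derived from the private key (RSA or EC).
    pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || exit 3
    tmp=$(mktemp -d) || exit 3
    # Split the bundle into one PEM file per certificate: 1.pem, 2.pem, ...
    awk -v d="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; on = 1 }
        on { print > (d "/" n ".pem") }
        /-----END CERTIFICATE-----/ { on = 0 }' "$bundle"
    i=1; pos=0
    while [ -f "$tmp/$i.pem" ]; do
        cert_pub=$(openssl x509 -in "$tmp/$i.pem" -noout -pubkey 2>/dev/null)
        if [ "$cert_pub" = "$pub" ]; then pos=$i; break; fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    echo "$pos"
    [ "$pos" -eq 1 ]
)

# When run as a script with two arguments, check the given files.
if [ $# -eq 2 ]; then
    key_position_in_bundle "$1" "$2"
fi
```

A printed position of 2 or higher means the key is valid for a certificate in the bundle but the files were concatenated in the wrong order; 0 means the key belongs to none of them.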