nginx配置ssl启动报错
2017-07-25 00:00
323 查看
I have to add ssl (https) for a website, I was given a SSL.CSR and a SSL.KEY file. I 'dos2unix'ed them (because they have trailing ^M) and copied them to the server(CSR -> mywebsite.crt, KEY -> mywebsite.key). I did the following modification to nginx.conf:
Error happens when I restart nginx:
I figure it's because the first line of mywebsite.crt file contains 'REQUEST', so I remove 'REQUEST' from the first and last of the lines, and restart nginx again, and hit another error:
解决方法:
# openssl x509 -req -days 365 -in www.yourdomain.csr -signkey mywebsite.key -out mywebsite.crt
# vim /etc/nginx/conf.d/nginx.conf
##### 确认以下信息是否正确,特别注意两个证书名称 ####
ssl_certificate /usr/local/nginx/conf/ssl/mywebsite.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/mywebsite.key;
@@ -60,8 +60,13 @@ } server { - listen 80; + listen 443; server_name ...; + ssl on; + ssl_certificate mywebsite.crt; + ssl_certificate_key mywebsite.key; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; # Set the max size for file uploads to 500Mb client_max_body_size 500M;
Error happens when I restart nginx:
nginx: [emerg] PEM_read_bio_X509_AUX("/etc/nginx/mywebsite.crt") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
I figure it's because the first line of mywebsite.crt file contains 'REQUEST', so I remove 'REQUEST' from the first and last of the lines, and restart nginx again, and hit another error:
nginx: [emerg] PEM_read_bio_X509_AUX("/etc/nginx/mywebsite.crt") failed (SSL: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:Field=algorithm, Type=X509_ALGOR error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:Field=signature, Type=X509_CINF error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:Field=cert_info, Type=X509 error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib)
解决方法:
# openssl x509 -req -days 365 -in www.yourdomain.csr -signkey mywebsite.key -out mywebsite.crt
# vim /etc/nginx/conf.d/nginx.conf
##### 确认以下信息是否正确,特别注意两个证书名称 ####
ssl_certificate /usr/local/nginx/conf/ssl/mywebsite.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/mywebsite.key;
相关文章推荐
- NGINX当中的SSL配置(PEM启动密码免输入)
- Nginx服务器的SSL证书配置以及对SSL的反向代理配置
- nginx配置ssl加密(单双向认证、部分https)
- Nginx配置ssl加密(单双向认证、部分https)
- nginx https ssl 配置
- LNMP架构(Nginx负载均衡、ssl原理、生成ssl密钥对、Nginx配置ssl)
- Nginx开机启动配置
- gitlab6 nginx配置和启动脚本
- nginx配置将http请求转发支持ssl双向认证https请求的正向代理
- LNMP(Nginx负载均衡,SSL原理,Nginx配置SSL,生产SSL密钥对)
- 12.17 Nginx负载均衡;12.18 ssl原理;12.19 生产ssl密钥对;12.20 Nginx配置ssl
- nginx配置ssl
- windows php nginx服务器搭建 配置 创建启动 停止 重启脚本
- nginx使用ssl模块配置HTTPS支持
- Nginx+tomcat+ssl免费证书配置
- Nginx 启用 BoringSSL的配置方法
- nginx入门一:启动,停止和重新加载配置
- 详解 Nginx + Tomcat HTTPS/SSL 配置方法
- Nginx服务安装与启动脚本配置
- Windows下Nginx配置SSL实现Https访问(包含证书生成)