Nginx SSL Certificate failed SSL: error:0B080074:x509 (Google Cloud)


My server was hosted on Bluehost (Apache), and the certificate was working fine. Now I'm using Google Cloud for multiple pages in Node.js on different ports using proxy_pass. I'm trying to configure SSL but I have problems. I was looking at similar questions, but it still shows the same error. I created the key file following this link.

/var/log/nginx/error.log:

    2015/07/08 10:47:20 [emerg] 2950#0: SSL_CTX_use_PrivateKey_file("/etc/nginx/ssl/domain_com/domain_com.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)

When I put this in the console:

openssl rsa -noout -modulus -in domain_com.key shows me this:

modulus=d484dd1......512 characters in total......5a8f3def999005f 

openssl x509 -noout -modulus -in ssl-bundle.crt:

modulus=b1e3b0a.......512 characters in total......afc79424be139 

This is my nginx setup:

    server {
        listen 443;
        server_name www.domain.com;

        # nginx pairs the private key with the first certificate in this file
        ssl_certificate /etc/nginx/ssl/domain_com/ssl-bundle.crt;
        ssl_certificate_key /etc/nginx/ssl/domain_com/domain_com.key;

        ssl on;
        ssl_session_cache builtin:1000 shared:ssl:10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;

        access_log /var/log/nginx/domain_com.access.log;

        location / {
            proxy_set_header Host              $host;
            proxy_set_header X-Real-IP         $remote_addr;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass                         http://localhost:8086;
            proxy_read_timeout                 90;
            proxy_redirect                     http://localhost:8086 https://www.domain.com;
        }
    }



The problem may occur in case of a wrong concatenation order. You tried:

    cat www_example_com.crt comodorsadomainvalidationsecureserverca.crt comodorsaaddtrustca.crt addtrustexternalcaroot.crt > ssl-bundle.crt

which looks correct, but the concatenation requires eliminating the downloaded root CA, therefore the nginx creator said:

Browsers store intermediate certificates which they receive and which are signed by trusted authorities, so actively used browsers may already have the required intermediate certificates and may not complain about a certificate sent without a chained bundle.

The official docs explicitly say:

If the server certificate and the bundle have been concatenated in the wrong order, nginx will fail to start and will display the error message:

    SSL_CTX_use_PrivateKey_file(" ... /www.example.com.key") failed
       (SSL: error:0B080074:x509 certificate routines:
        X509_check_private_key:key values mismatch)

because nginx has tried to use the private key with the bundle's first certificate instead of the server certificate.

So to solve the problem, please try:

  1. Attach www_example_com.crt to the ssl_certificate nginx config key

  2. Download the latest Comodo CA certificates (SHA2) from the official web page and try one more time to concatenate the bundle
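
A way to tell a wrong concatenation order apart from a key that belongs to no certificate in the bundle, as an added example that is not part of the original question or answer. It assumes the openssl CLI is installed; the function names are hypothetical, the demo certificates are constructed throwaway self-signed ones, and it compares the full public key rather than only the RSA modulus, so it also works for EC keys.

```bash
#!/bin/sh
# Prints the 1-based position of the first certificate in BUNDLE whose public
# key equals the public key of KEY, or 0 if none does.
#   1  -> nginx accepts the pair
#   >1 -> wrong concatenation order (server certificate is not first)
#   0  -> the key does not belong to any certificate in the bundle
# The body runs in a subshell, so its variables stay local.
matching_cert_position() (
    bundle=$1; key=$2
    # Public half of the private key, PEM encoded.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || exit 2
    tmp=$(mktemp -d) || exit 2
    # Split the bundle into one file per certificate: 1.pem, 2.pem, ...
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
                     n { print > (d "/" n ".pem") }' "$bundle" || exit 2
    pos=0; i=1
    while [ -f "$tmp/$i.pem" ]; do
        cert_pub=$(openssl x509 -in "$tmp/$i.pem" -noout -pubkey 2>/dev/null) || cert_pub=""
        if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
            pos=$i
            break
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    echo "$pos"
)

# Constructed sample data: two self-signed certificates stand in for the
# server certificate and a CA certificate (not a real chain).
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=www.example.com" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    cat "$1/server.crt" "$1/ca.crt" > "$1/good-bundle.crt"  # server certificate first
    cat "$1/ca.crt" "$1/server.crt" > "$1/bad-bundle.crt"   # wrong order
}

# Usage: sh check.sh ssl-bundle.crt domain_com.key
if [ "$#" -eq 2 ]; then
    matching_cert_position "$1" "$2"
fi
```

A result of 0 for the real ssl-bundle.crt and domain_com.key means reordering the bundle cannot help: the certificate was issued for a different key.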

