Nginx: SSL_CTX_use_PrivateKey_file(..) failed

Time: 2016-02-21 18:30:16

Tags: ssl nginx ssl-certificate

I generated 2 self-signed certificates myself with openssl, for testing purposes:

    $ sudo openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=FR/ST=Charente/L=Mornac/O=Office/CN=api.cockpit.yves" -keyout /usr/local/etc/nginx/ssl/api.cockpit.yves.key -out /usr/local/etc/nginx/ssl/api.cockpit.yves.crt
    Generating a 4096 bit RSA private key
    ..........................................................................++
    ...................++
    writing new private key to '/usr/local/etc/nginx/ssl/api.cockpit.yves.key'
    -----
    $ sudo openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=FR/ST=Charente/L=Mornac/O=Office/CN=admin.cockpit.yves" -keyout /usr/local/etc/nginx/ssl/admin.cockpit.yves.key -out /usr/local/etc/nginx/ssl/admin.cockpit.yves.crt
    Generating a 4096 bit RSA private key
    ..................................................................................................................................................++
    ..............................++
    writing new private key to '/usr/local/etc/nginx/ssl/admin.cockpit.yves.key'
    -----

In my nginx.conf file, I set up the HTTPS servers:

    server {
        listen       8444 ssl;

        server_name  admin.cockpit.yves;

        ssl_certificate  ssl/admin.cockpit.yves.crt;
        ssl_certificate_key ssl/admin.cockpit.yves.crt;
        ...
    }

    server {
        listen       8445 ssl;

        server_name  api.cockpit.yves;

        ssl_certificate  ssl/api.cockpit.yves.crt;
        ssl_certificate_key ssl/api.cockpit.yves.crt;
        ...
    }

However, when testing the nginx configuration, I get the following error:

    sudo nginx -t
    nginx: [emerg] SSL_CTX_use_PrivateKey_file("/usr/local/etc/nginx/ssl/admin.cockpit.yves.crt") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: ANY PRIVATE KEY error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)
    nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed
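
What could be wrong? Is it because I am trying to set up 2 certificates for 2 different subdomains (admin. and api.) of the same domain cockpit.yves?

Thanks for your feedback

1 Answer:

Answer 0: (score: 7)

Your key file probably does not contain a key

I had this problem too. In my case, I had pasted the crt into my key file (my actual crt file was correct).

My key file starts with the string: -----BEGIN RSA PRIVATE KEY-----

and then ends with the string: -----END RSA PRIVATE KEY-----

In the comments on the question, Richard Smith actually suggested this as the solution. I am posting it as an answer to help others later. Props to Richard.

Update

I have also experienced this message by pasting the combined certificates before the certificate in the crt file I was giving to my nginx server.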
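
The check described in the answer can be automated before running `nginx -t`. The following is an added example, not code from the question or the answer: it reads each `ssl_certificate` and `ssl_certificate_key` directive and reports any file whose PEM block type does not match the directive. The function names, the sample file contents (PEM armor with dummy bodies) and the assumption that relative paths resolve against the nginx configuration directory are illustrative.

```python
import re
from pathlib import Path

# PEM armor header, e.g. "-----BEGIN RSA PRIVATE KEY-----"
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)
# The two nginx directives that name PEM files
DIRECTIVE = re.compile(r"^\s*(ssl_certificate(?:_key)?)\s+([^;\s]+)\s*;", re.M)

def pem_labels(text):
    """Return the labels of all PEM blocks in text, in file order."""
    return PEM_BEGIN.findall(text)

def audit(conf_text, read_file):
    """Return (directive, path, problem) for each mismatched PEM file.

    read_file(path) -> str is injected, so the same check runs against
    files on disk or against in-memory samples.
    """
    findings = []
    for directive, path in DIRECTIVE.findall(conf_text):
        labels = pem_labels(read_file(path))
        found = ", ".join(labels) or "no PEM block"
        if directive == "ssl_certificate_key":
            # Accepts PRIVATE KEY, RSA PRIVATE KEY, EC PRIVATE KEY, ...
            if not any(label.endswith("PRIVATE KEY") for label in labels):
                findings.append((directive, path, "expected a PRIVATE KEY block, found: " + found))
        elif not labels or labels[0] != "CERTIFICATE":
            findings.append((directive, path, "expected CERTIFICATE first, found: " + found))
    return findings

def disk_reader(conf_dir):
    """Assumption: relative paths resolve against the nginx config directory."""
    return lambda p: (Path(conf_dir) / p).read_text(errors="replace")

# Constructed sample data: PEM armor with dummy bodies, not real key material.
SAMPLE_FILES = {
    "ssl/admin.cockpit.yves.crt": "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n",
    "ssl/admin.cockpit.yves.key": "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n",
}
BROKEN_CONF = """
server {
    listen 8444 ssl;
    ssl_certificate  ssl/admin.cockpit.yves.crt;
    ssl_certificate_key ssl/admin.cockpit.yves.crt;
}
"""
FIXED_CONF = BROKEN_CONF.replace("_key ssl/admin.cockpit.yves.crt", "_key ssl/admin.cockpit.yves.key")

if __name__ == "__main__":
    for finding in audit(BROKEN_CONF, SAMPLE_FILES.__getitem__):
        print(*finding, sep=": ")
```

For a real installation, pass `disk_reader("/usr/local/etc/nginx")` as `read_file` together with the text of nginx.conf.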