
Apache web server: not understanding SSL certificates

  • January 11, 2016

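I am trying to specify an SSL certificate for the Apache web server, but I am getting some strange errors. Unfortunately, I don't know much about SSL. Can someone help me?

Error log from /var/log/apache2/error.log: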

[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Jan 11 16:34:18 2016] [error] Init: Private key not found
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

I configured SSL this way:

Listen 443
<VirtualHost _default_:443>
JkMount /* loadbalancer
SSLEngine on
SSLCertificateFile /path/to/domainname.crt
SSLCertificateKeyFile /path/to/domainname.key
</VirtualHost>

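The files provided by the SSL provider are .ca-bundle, .p7c, .combined, .crt, .csr, .key, .key.pem.

So how does Apache understand SSL? Please let me know. Thank you.

Update

As per Tim's suggestion, I ran cat on the files, and they look like this:

cat filename.crt: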

---BEGIN CERTIFICATE---
Random Characters
---END CERTIFICATE--

cat filename.key

---BEGIN CERTIFICATE---
   Random Characters
   ---END CERTIFICATE--

cat filename.key.pem

Bag Attributes
   friendlyName: domain_name.com
   localKeyID: some integers here
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
   Random Characters
-----END PRIVATE KEY-----

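The wrong tag is the best indicator you have. Apache assumes your key and certificate look like the following. Check that the files you are referencing meet these criteria.

Certificate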

-----BEGIN CERTIFICATE-----
xxxxxxx
-----END CERTIFICATE-----

Key

-----BEGIN PRIVATE KEY-----
xxxxxxx
-----END PRIVATE KEY-----

If you are pointing to a file with additional metadata like this, you will receive the error above.

Certificate:
   Data:
       Version: 1 (0x0)
       Serial Number:
           xx:yy:zz...
   Signature Algorithm: sha1WithRSAEncryption
   ................
-----BEGIN CERTIFICATE-----
xxxxxx
-----END CERTIFICATE-----
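
An added example (not part of the original question or answer) that applies the answer's two criteria to a file's text: the first PEM block must carry the label the directive expects, and nothing should precede the first BEGIN line. The function names, file labels and sample contents are assumptions constructed for illustration.

```python
import re

# PEM boundary line: exactly five dashes on each side of the label.
BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}
CERT_LABELS = {"CERTIFICATE"}

def inspect_pem(text):
    """Return (labels, preamble): block labels in file order, and the
    non-blank lines found before the first BEGIN line."""
    labels, preamble = [], []
    for line in text.splitlines():
        m = BEGIN_RE.match(line.rstrip())
        if m:
            labels.append(m.group(1))
        elif not labels and line.strip():
            preamble.append(line.strip())
    return labels, preamble

def check(directive, text):
    """List findings for the file an Apache directive points at."""
    wanted = KEY_LABELS if directive == "SSLCertificateKeyFile" else CERT_LABELS
    labels, preamble = inspect_pem(text)
    if not labels:
        return ["no PEM block found"]
    findings = []
    if labels[0] not in wanted:
        findings.append("first block is '%s', not a %s" % (
            labels[0], "private key" if wanted is KEY_LABELS else "certificate"))
    if preamble:
        findings.append("%d line(s) before the first BEGIN line" % len(preamble))
    return findings

# Constructed samples shaped like the files in the question (bodies are placeholders).
SAMPLE_CRT = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = SAMPLE_CRT  # the posted .key showed a CERTIFICATE block
SAMPLE_KEY_PEM = (
    "Bag Attributes\n   friendlyName: example.test\n   localKeyID: 01 02\n"
    "Key Attributes: <No Attributes>\n"
    "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n")

if __name__ == "__main__":
    for directive, name, text in [
            ("SSLCertificateFile", "domainname.crt", SAMPLE_CRT),
            ("SSLCertificateKeyFile", "domainname.key", SAMPLE_KEY),
            ("SSLCertificateKeyFile", "domainname.key.pem", SAMPLE_KEY_PEM)]:
        print(directive, name, check(directive, text) or "looks as expected")
```

To check real files, pass the result of `open(path).read()` as the `text` argument for each path named in the virtual host.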

Quoted from: https://serverfault.com/questions/748243