Linux
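Apache web server: not understanding the SSL certificate
I am trying to specify an SSL certificate for the Apache web server, but I am getting some strange errors. Unfortunately, I don't know much about SSL. Can someone help me?
Error log in /var/log/apache2/error.log: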
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Jan 11 16:34:18 2016] [error] Init: Private key not found
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
I configured SSL this way:
Listen 443
<VirtualHost _default_:443>
    JkMount /* loadbalancer
    SSLEngine on
    SSLCertificateFile /path/to/domainname.crt
    SSLCertificateKeyFile /path/to/domainname.key
</VirtualHost>
The files provided by the SSL provider are:
.ca-bundle, .p7c, .combined, .crt, .csr, .key, .key.pem.
So how does Apache understand SSL? Please let me know. Thank you.
Update
Following Tim's suggestion, I ran cat on the files, and they look like the following:
cat filename.crt:
---BEGIN CERTIFICATE---
Random Characters
---END CERTIFICATE--
cat filename.key:
---BEGIN CERTIFICATE---
Random Characters
---END CERTIFICATE--
cat filename.key.pem:
Bag Attributes
    friendlyName: domain_name.com
    localKeyID: some integers here
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
Random Characters
-----END PRIVATE KEY-----
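The "wrong tag" is the best indicator of what you have. Apache assumes that your key and certificate look like the following. Check that the files you are referencing meet these criteria.
Certificate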
-----BEGIN CERTIFICATE-----
xxxxxxx
-----END CERTIFICATE-----
Key
-----BEGIN PRIVATE KEY-----
xxxxxxx
-----END PRIVATE KEY-----
If you point to a file with additional metadata like this, you will get the errors above.
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: xx:yy:zz...
    Signature Algorithm: sha1WithRSAEncryption
    ................
-----BEGIN CERTIFICATE-----
xxxxxx
-----END CERTIFICATE-----
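The check the answer describes can be scripted. The following is an added example, not code from the question or the answer: it reports the PEM label of the first block in a file and any text before the first BEGIN line, for the directive the file is assigned to. The function names, the accepted-label table and the sample file contents (including the placeholder base64 body) are assumptions constructed for illustration.

```python
import base64
import re

# PEM labels accepted per Apache directive (this table is an assumption of the example).
EXPECTED = {
    "SSLCertificateFile": {"CERTIFICATE"},
    "SSLCertificateKeyFile": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"},
}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def inspect_pem(text):
    """Return (labels of all PEM blocks, text found before the first block)."""
    blocks = list(PEM_RE.finditer(text))
    preamble = text[:blocks[0].start()].strip() if blocks else ""
    return [m.group(1) for m in blocks], preamble

def check_directive(directive, text):
    """List the problems with using this file content for the given directive."""
    labels, preamble = inspect_pem(text)
    if not labels:
        return ["no PEM block found"]
    problems = []
    if labels[0] not in EXPECTED[directive]:
        problems.append(f"first block is {labels[0]!r}, not a "
                        f"{'key' if 'Key' in directive else 'certificate'}")
    body = "".join(PEM_RE.search(text).group(2).split())
    try:
        base64.b64decode(body, validate=True)
    except ValueError:
        problems.append("block body is not valid base64")
    if preamble:  # the "additional metadata" the answer refers to
        problems.append(f"text before first BEGIN line: {preamble.splitlines()[0]!r}")
    return problems

# Constructed samples mirroring the asker's three files; the body is a placeholder.
BODY = "MAMCAQA="
CRT = f"-----BEGIN CERTIFICATE-----\n{BODY}\n-----END CERTIFICATE-----\n"
KEY = CRT  # the asker's .key printed a CERTIFICATE block
KEY_PEM = ("Bag Attributes\n    friendlyName: domain_name.com\n"
           "Key Attributes: <No Attributes>\n"
           f"-----BEGIN PRIVATE KEY-----\n{BODY}\n-----END PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, directive, text in [("filename.crt", "SSLCertificateFile", CRT),
                                  ("filename.key", "SSLCertificateKeyFile", KEY),
                                  ("filename.key.pem", "SSLCertificateKeyFile", KEY_PEM)]:
        print(name, directive, check_directive(directive, text) or "ok")
```
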