Geek Answers Handbook

Nginx SSL SSL Certificate Failure: Error: 0B080074: x509 (Google Cloud)

My server was hosted on Bluehost (Apache), the certificate worked fine. Now I am using Google Cloud for several pages in NodeJS on another port using proxy_pass. I am trying to configure SSL, but I am having problems. I searched for similar questions, but still showing the same error. I created a key file following this link

/var/log/nginx/error.log

2015/07/08 10:47:20 [emerg] 2950 # 0: SL_CTX_use_PrivateKey_file ("/etc/nginx/ssl/domain_com/domain_com.key") failed (SSL: error: 0B080074: x509 verification procedure: X509_check_private_key: mismatch key values)

When I put on the console:

openssl rsa -noout -modulus -in domain_com.key shows me this:

Modulus=D484DD1......512 characters in total......5A8F3DEF999005F

openssl x509 -noout -modulus -in ssl-bundle.crt :

Modulus=B1E3B0A.......512 characters in total......AFC79424BE139

This is my Nginx installation:

server {
    listen 443;
    server_name www.domain.com;

    ssl_certificate /etc/nginx/ssl/domain_com/ssl-bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/domain_com/domain_com.key;

    ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log /var/log/nginx/domain_com.access.log;

    location / {
       proxy_set_header                         Host $host;
       proxy_set_header X-Real-IP               $remote_addr;
       proxy_set_header X-Forwarded-For         $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto       $scheme;
       proxy_pass                               http://localhost:8086;
       proxy_read_timeout                       90;
       proxy_redirect                           http://localhost:8086 https://www.domain.com;
    }
}

enter image description here

+4
source share
1 answer

A problem may arise if the concatenation order is incorrect. You tried:

cat www_example_com.crt COMODORSADomainValidationSecureServerCA.crt  COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt

Which looks correct, but for concatenation it is usually required to exclude extra loading from the root certification authority, so the creator of Nginx said :

Browsers usually store intermediate certificates that they receive and which are signed by trusted authorities, therefore, actively used browsers may already have the required intermediate certificates and can not complain about the certificate sent without a connected packet.

:

, nginx :

SSL_CTX_use_PrivateKey_file(" ... /www.example.com.key") failed
   (SSL: error:0B080074:x509 certificate routines:
    X509_check_private_key:key values mismatch)

nginx .

, , :

  • www_example_com.crt ssl_certificate Nginx

  • Comodo CA SHA2 -

+6

More articles:


All Articles