主页 / server / 问题 / 748243
Accepted
We are Borg
Asked: 2016-01-12 07:45:11 +0800 CST

Apache 网络服务器:不理解 SSL 证书

  • 772

我正在尝试为 Apache 网络服务器指定一个 SSL 证书,但我遇到了一些奇怪的错误。不幸的是,我对 SSL 了解不多。有人可以帮助我。

/var/log/apache2/error.log 中的错误日志:

 [Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Jan 11 16:34:18 2016] [error] Init: Private key not found
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

我以这种方式配置了 SSL:

Listen 443
<VirtualHost _default_:443>
JkMount /* loadbalancer
SSLEngine on
SSLCertificateFile /path/to/domainname.crt
SSLCertificateKeyFile /path/to/domainname.key
</VirtualHost>

SSL 提供商提供的文件是.ca-bundle, .p7c, .combined, .crt, .csr, .key, .key.pem.

那么Apache如何理解SSL。请告诉我。谢谢你。

更新

根据蒂姆的建议,我确实调用cat了文件,它们看起来如下:

猫文件名.crt:

---BEGIN CERTIFICATE---
Random Characters
---END CERTIFICATE--

猫文件名.key

 ---BEGIN CERTIFICATE---
    Random Characters
    ---END CERTIFICATE--

猫文件名.key.pem

Bag Attributes
    friendlyName: domain_name.com
    localKeyID: some integers here
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
    Random Characters
-----END PRIVATE KEY-----
linux

1 个回答

  1. Best Answer

    是您拥有的wrong tag最佳指标。Apache 假定您的密钥和证书如下所示。检查您引用的文件是否符合这些条件。

    证书

    -----BEGIN CERTIFICATE-----
xxxxxxx
-----END CERTIFICATE-----

    钥匙

    -----BEGIN PRIVATE KEY-----
xxxxxxx
-----END PRIVATE KEY-----

    如果您指向具有此类附加元数据的文件,您将收到上述错误。

    Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            xx:yy:zz...
    Signature Algorithm: sha1WithRSAEncryption
    ................
-----BEGIN CERTIFICATE-----
xxxxxx
-----END CERTIFICATE-----
    • 2

相关问题