On 11/27/2014 01:45 PM, siefke_lis...@web.de wrote: > Hello, > > has someone here running nginx with comodo ssl? I try it yet since few > hours but nginx say something what i can not understand. > > nginx -t > nginx: [emerg] SSL_CTX_use_PrivateKey_file("/var/www/de/etc/ssl/de.key") > failed (SSL: error:0B080074:x509 certificate > routines:X509_check_private_key:key values mismatch) > nginx: configuration file /etc/nginx/nginx.conf test failed > > I become from comodo a zip with a bundle file and the crt file. > > # ssl > ssl_certificate /var/www/de/etc/ssl/de.ca-bundle; > ssl_certificate_key /var/www/de/etc/ssl/de.key; > ssl_protocols TLSv1 TLSv1.1 TLSv1.2; > ssl_ciphers 'AES256+EECDH:AES256+EDH'; > ssl_prefer_server_ciphers on; > > But want not work. Check run with the error message missmatch. Has someone > expierence here? >
The CA bundle isn't your "ssl_certificate", the *.crt file is. But you probably need to concatenate them together before all browsers will accept the cert as valid. See: http://nginx.org/en/docs/http/configuring_https_servers.html I suspect you need to do, $ cat *.crt de.ca-bundle > chained.crt and then set, ssl_certificate /var/www/de/etc/ssl/chained.crt; Note: the order matters in the arguments for `cat` above.