On 11/27/2014 01:45 PM, siefke_lis...@web.de wrote:
> Hello,
>
> has someone here running nginx with comodo ssl? I try it yet since few
> hours but nginx say something what i can not understand.
>
> nginx -t
> nginx: [emerg] SSL_CTX_use_PrivateKey_file("/var/www/de/etc/ssl/de.key")
> failed (SSL: error:0B080074:x509 certificate
> routines:X509_check_private_key:key values mismatch)
> nginx: configuration file /etc/nginx/nginx.conf test failed
>
> I become from comodo a zip with a bundle file and the crt file.
>
> # ssl
> ssl_certificate /var/www/de/etc/ssl/de.ca-bundle;
> ssl_certificate_key /var/www/de/etc/ssl/de.key;
> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
> ssl_ciphers 'AES256+EECDH:AES256+EDH';
> ssl_prefer_server_ciphers on;
>
> But want not work. Check run with the error message missmatch. Has someone
> expierence here?
>
The CA bundle isn't your "ssl_certificate", the *.crt file is. But you
probably need to concatenate them together before all browsers will
accept the cert as valid. See:
http://nginx.org/en/docs/http/configuring_https_servers.html
I suspect you need to do,
$ cat *.crt de.ca-bundle > chained.crt
and then set,
ssl_certificate /var/www/de/etc/ssl/chained.crt;
Note: the order matters in the arguments for `cat` above.
