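I am trying to specify an SSL certificate for the Apache web server, but I am getting some strange errors. Unfortunately, I don't know much about SSL. Can anyone help me with this?
The error log in /var/log/apache2/error.log: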
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Jan 11 16:34:18 2016] [error] Init: Private key not found
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
I have configured SSL this way:
Listen 443
<VirtualHost _default_:443>
JkMount /* loadbalancer
SSLEngine on
SSLCertificateFile /path/to/domainname.crt
SSLCertificateKeyFile /path/to/domainname.key
</VirtualHost>
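The files provided by the SSL provider include .ca-bundle, .p7c, .combined, .crt, .csr, .key, .key.pem.
So how does Apache understand SSL? Please let me know. Thanks.
Update
Following Tim's suggestion, I ran cat on these files, and they look like this:
cat filename.crt: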
---BEGIN CERTIFICATE---
Random Characters
---END CERTIFICATE--
cat filename.key
---BEGIN CERTIFICATE---
Random Characters
---END CERTIFICATE--
cat filename.key.pem
Bag Attributes
friendlyName: domain_name.com
localKeyID: some integers here
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
Random Characters
-----END PRIVATE KEY-----
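Answer 1
The wrong tag is the best indicator you have. Apache assumes your key and certificate look like the following. Check that the files you reference meet these standards.
Certificate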
-----BEGIN CERTIFICATE-----
xxxxxxx
-----END CERTIFICATE-----
Key
-----BEGIN PRIVATE KEY-----
xxxxxxx
-----END PRIVATE KEY-----
If you point to a file with additional metadata like this, you will get the errors above.
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
xx:yy:zz...
Signature Algorithm: sha1WithRSAEncryption
................
-----BEGIN CERTIFICATE-----
xxxxxx
-----END CERTIFICATE-----
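An added example (not part of the original question or answer): a small Python check for what the answer asks you to verify, reporting which PEM block type each file holds and any text outside the BEGIN/END lines. The sample contents are constructed to mirror the cat output in the question, and the function names are this example's own.

```python
import re

# PEM armour line: five dashes, BEGIN or END, a label, five dashes.
ARMOUR = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")

# Block labels each mod_ssl directive is expected to find in its file.
EXPECTED = {
    "SSLCertificateFile": {"CERTIFICATE"},
    "SSLCertificateKeyFile": {"PRIVATE KEY", "RSA PRIVATE KEY",
                              "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"},
}

def inspect_pem(text):
    """Return (labels, outside): labels of complete PEM blocks in order,
    and the non-blank lines that sit outside every BEGIN/END pair."""
    labels, outside, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ARMOUR.match(line)
        if m and m.group(1) == "BEGIN" and current is None:
            current = m.group(2)
        elif m and m.group(1) == "END" and m.group(2) == current:
            labels.append(current)
            current = None
        elif current is None and line:
            outside.append(line)
    return labels, outside

def audit(directive, text):
    """Return findings for using this file content with the directive."""
    labels, outside = inspect_pem(text)
    findings = []
    if not labels:
        findings.append("no complete PEM block found")
    elif not EXPECTED[directive] & set(labels):
        findings.append("%s got block type(s) %s" % (directive, ", ".join(labels)))
    if outside:
        findings.append("%d line(s) of text outside the PEM block" % len(outside))
    return findings

# Constructed samples modelled on the cat output in the question ("AAAA"
# stands in for the base64 body; these are not real keys or certificates).
CERT_ONLY = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
KEY_WITH_BAG = ("Bag Attributes\n    friendlyName: example.test\n"
                "Key Attributes: <No Attributes>\n"
                "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n")

if __name__ == "__main__":
    for directive, name, body in [
        ("SSLCertificateFile", "filename.crt", CERT_ONLY),
        ("SSLCertificateKeyFile", "filename.key", CERT_ONLY),
        ("SSLCertificateKeyFile", "filename.key.pem", KEY_WITH_BAG),
    ]:
        print(name, "->", audit(directive, body) or "looks as expected")
```

To check real files, pass `open(path).read()` as the second argument to `audit` along with the directive that references the file.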