Apache web server: SSL certificate not recognized

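I am trying to specify an SSL certificate for the Apache web server, but I am getting some strange errors. Unfortunately, I don't know much about SSL. Can someone help me with this?

The error log in /var/log/apache2/error.log: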

[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:32:23 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Jan 11 16:34:18 2016] [error] Init: Private key not found
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jan 11 16:34:18 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

I have configured SSL this way:

Listen 443
<VirtualHost _default_:443>
JkMount /* loadbalancer
SSLEngine on
SSLCertificateFile /path/to/domainname.crt
SSLCertificateKeyFile /path/to/domainname.key
</VirtualHost>

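The files provided by the SSL provider include .ca-bundle, .p7c, .combined, .crt, .csr, .key, .key.pem.

So how does Apache understand SSL? Please let me know. Thanks.

Update

As Tim suggested, I did cat the files, and they look like this:

cat filename.crt: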

---BEGIN CERTIFICATE---
Random Characters
---END CERTIFICATE--

cat filename.key:

 ---BEGIN CERTIFICATE---
    Random Characters
    ---END CERTIFICATE--

cat filename.key.pem:

Bag Attributes
    friendlyName: domain_name.com
    localKeyID: some integers here
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
    Random Characters
-----END PRIVATE KEY-----

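Answer 1

wrong tag is the best indicator you have. Apache assumes your key and certificate look like the following. Check that the files you reference conform to these standards.

Certificate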

-----BEGIN CERTIFICATE-----
xxxxxxx
-----END CERTIFICATE-----

Key

-----BEGIN PRIVATE KEY-----
xxxxxxx
-----END PRIVATE KEY-----

If you point to a file with additional metadata like this, you will get the errors above.

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            xx:yy:zz...
    Signature Algorithm: sha1WithRSAEncryption
    ................
-----BEGIN CERTIFICATE-----
xxxxxx
-----END CERTIFICATE-----
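
The check the answer describes can be scripted. The following is an added example, not code from the question or the answer: it reads the PEM labels in the two files named by SSLCertificateFile and SSLCertificateKeyFile and reports a wrong first label or text before the first BEGIN line. The function names and the sample file contents are constructed for illustration, and it only inspects PEM armor; it does not parse the key or certificate itself.

```python
import re

# Matches one PEM block and captures its label, e.g. "CERTIFICATE" or "PRIVATE KEY".
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

# Labels that mark a private key in PEM armor.
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}


def inspect_pem(text):
    """Return (labels of all PEM blocks, non-blank lines before the first block)."""
    labels = [m.group(1) for m in PEM_BLOCK.finditer(text)]
    first = PEM_BLOCK.search(text)
    head = text[:first.start()] if first else text
    preamble = [ln.strip() for ln in head.splitlines() if ln.strip()]
    return labels, preamble


def check_pair(cert_text, key_text):
    """List problems with the contents of the certificate file and the key file."""
    problems = []
    for directive, text, wanted in (
            ("SSLCertificateFile", cert_text, {"CERTIFICATE"}),
            ("SSLCertificateKeyFile", key_text, KEY_LABELS)):
        labels, preamble = inspect_pem(text)
        if not labels:
            problems.append(f"{directive}: no PEM block found")
        elif labels[0] not in wanted:
            problems.append(f"{directive}: first block is '{labels[0]}'")
        if labels and preamble:
            problems.append(
                f"{directive}: {len(preamble)} line(s) of text before BEGIN")
    return problems


# Constructed samples shaped like the files in the question (bodies are placeholders).
CERT = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
KEY_HOLDING_CERT = CERT  # like the question's .key, which holds a certificate
KEY_CLEAN = "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
KEY_WITH_BAG = ("Bag Attributes\n    friendlyName: example.test\n"
                "Key Attributes: <No Attributes>\n" + KEY_CLEAN)

if __name__ == "__main__":
    for name, key in (("key holding cert", KEY_HOLDING_CERT),
                      ("key with bag attributes", KEY_WITH_BAG),
                      ("clean key", KEY_CLEAN)):
        print(name, "->", check_pair(CERT, key) or "ok")
```

To run it against real files, pass the text read from the two paths in the virtual host configuration to `check_pair`.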
