SSL证书不起作用-“无起始行"错误-Apache2 Ubuntu 16.04.1 [英] SSL Certificate not working - "no start line" Error - Apache2 Ubuntu 16.04.1
问题描述
我们正在办公室设置一个新的子域,并使用我们的通配符SSL证书.我已经创建了密钥和csr文件.然后,我已发送到csr文件以获取我们现在拥有的cer文件.(我将发布进一步运行的命令).然后,在将a2ensite用于新域之后,我将文件复制到/etc/ssl/private和/etc/ssl/certs文件夹中,并更新了apache conf文件.尝试重新启动apache时,显示以下错误消息:
We're setting up a new subdomain at the office and using our wildcard SSL Cert we have. I've created my key, and my csr files. I've then sent to csr file off to get our cer file, which i now have. (I will posted commands I've run further down). I've then copied the files into the /etc/ssl/private and /etc/ssl/certs folders, and updated the apache conf file, after using a2ensite for our new domain. When trying to restart apache, the following error message is displayed:
SSL库错误:错误:0906D06C:PEM例程:PEM_read_bio:无起始行(预期:受信任的证书)-文件内容或格式错误-甚至只是被遗忘的SSLCertificateKeyFile?
到目前为止,我已经运行了Bash命令(我省略了域名):
Bash commands i've run so far (I have omitted out domain name):
openssl genrsa -des3 -out [domain].key 2048
openssl rsa -in star.[domain].key -out star.[domain].key.insecure
mv star.[domain].key star.[domain].key.secure
mv star.[domain].key.insecure star.[domain].key
openssl req -new -key star.[domain].key -out star.[domain].csr
在创建中请求我们的域时,输入的是*.[domain],而不是star.[domain],因为这是我们提供者所要求的.然后,我们将csr文件发送给我们的提供商,并收到了我们的.cer回信.
When our domain was requested in the creation *.[domain] was entered, rather than star.[domain], as this is what is required by our provider. We then sent our csr file to our provider, and received our .cer back.
我将.cer复制到/etc/ssl/certs/star.[domain].cer和/etc/ssl/private/star.[domain].key,然后更新了apache conf文件[subdomain].[域] .conf,其中包含以下内容:
I copied the .cer to /etc/ssl/certs/star.[domain].cer and /etc/ssl/private/star.[domain].key and then updated the apache conf file [subdomain].[domain].conf with the following:
ServerAdmin IT@[domain]
ServerName [subdomain].[domain]
ServerAlias [subdomain].[domain]
SSLCertificateFile /etc/ssl/certs/star.[domain].cer
SSLCertificateKeyFile /etc/ssl/private/star.[domain].key
保存并重新启动apache( service apache2 restart )后,出现上述错误.
After saving and restarting apache (service apache2 restart), I am presented with the above error.
推荐答案
我最终解决了这个问题.Cert以pkcs7格式编码,Ubuntu不喜欢.我使用以下命令将证书转换为PEM,现在一切正常并运行.
I resolved this in the end. The Cert was encoded in pkcs7 format, which Ubuntu doesn't like. I converted the cert into PEM, using the below command, and everything is up and running now.
openssl pkcs7 -print_certs -in certificate.cer -out certificate.pem
这篇关于SSL证书不起作用-“无起始行"错误-Apache2 Ubuntu 16.04.1的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
