SSL安装问题 - ＆QUOT;键值不匹配＆QUOT; （但它们匹配吗？） [英] SSL install problem - "key value mismatch" (but they do match?)

问题描述

所以我被送到一个新的公共证书安装在一台服务器（.crt文件）。完成。重新启动Apache - 失败

So I've been sent a new public cert to install on a server (.crt file). Done. Restart apache - "FAILED".

错误消息：

[Tue Jan 11 12:51:37 2011] [error] Unable to configure RSA server private key 
[Tue Jan 11 12:51:37 2011] [error] SSL Library Error: 185073780 error:0B080074:
x509 certificate routines:X509_check_private_key:key values mismatch

我检查键值：

openssl rsa -noout -modulus -in server.key | openssl md5
openssl x509 -noout -modulus -in server.crt | openssl md5

和它们匹配。

我检查的路径在我的ssl.conf文件，它们都指向正确的文件。

I've checked the paths in my ssl.conf file, and they ARE pointing to the correct files.

如果我恢复旧的（已过期）证书文件，apache的启动好了，所以它绝对不喜欢的东西，对新的。

If I reinstate the old (expired) cert file, apache starts up ok, so it definitely doesn't like something about the new one.

这是一个GeoTrust的QuickSSL，并将其与我应该在地方，我用的了CA-bundle.crt文件在使用前

It's a GeoTrust QuickSSL, and it came with an "intermediate.crt" that I'm supposed to use in place of the the "ca-bundle.crt" file that I was using before

SSLCertificateFile /etc/pki/tls/certs/www.domain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.domain.com.key
SSLCACertificateFile /etc/pki/tls/certs/intermediate.crt

任何想法我可能是做错了？任何更多的信息你需要什么？

Any ideas what I might be doing wrong? Any more info you need?

谢谢！

推荐答案

我也遇到了同样的错误。在我来说，我曾在验证链提供额外的CA证书。和而不是提供的证书，并在不同的文件的关键，我在一个.pem文件将它们结合在一起。

I also came across the same error. In my case I had to supply additional CA certificates in the verification chain. And instead of supplying the certificate and the key in separate files, I combined them in a .pem file.

然而，当你做到这一点，密钥和证书，加上中间一（S）的顺序很重要。正确的顺序：

However, when you do this, the order of the key and the certificate plus the intermediate one(s) is important. The correct order:

your private key
your certificate
(intermediate) CA certificate lowest in the hierarchy
other CA certificates higher in the hierarchy...
(intermediate) CA certificate highest in the hierarchy

这篇关于SSL安装问题 - ＆QUOT;键值不匹配＆QUOT; （但它们匹配吗？）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！