Apache2 SSL Certificate/Key mismatch

Problem description

I'm trying to set up Apache to use a private key and certificate for SSL usage. The problem is that Apache somehow thinks that the key and the crt files do not match:

[Thu Aug 01 11:35:18 2013] [warn] RSA server certificate wildcard CommonName (CN) `*.-----.nl' does NOT match server name!?
[Thu Aug 01 11:35:18 2013] [debug] ssl_engine_init.c(846): Configuring RSA server private key
[Thu Aug 01 11:35:18 2013] [error] Unable to configure RSA server private key
[Thu Aug 01 11:35:18 2013] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

After this error I checked whether or not the key and the certificate matched using:

$ openssl x509 -noout -modulus -in server.crt | openssl md5
$ openssl rsa -noout -modulus -in server.key | openssl md5

And the results are both the same, so it seems that the key and the certificate do match!? My site configuration contains the following for SSL set-up:

    SSLCertificateFile    /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key

The certificate is signed by a self-created CA that I use for my customers. At this moment I'm hosting the HTTPS site through Java (and Chrome/Firefox/IE/Safari/... all accept the certificate and key), however the performance is not as I'd like it to be, hence I'm willing to switch to Apache. However, I don't understand why Apache says the certificate and the key do not match? I've googled a lot for this error and found a lot of results; however, none represent my situation nor provide a valid solution for my problem. The reason I use my own CA is that I have a few hundred (and counting) certificates in use for a trust-based network.

Edit: The issue seems openssl related; I tested the following with the same final error:

..............:~$ openssl s_server -cert server.crt -key server.key
140518544565920:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
140518544565920:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:831:
140518544565920:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:751:Field=n, Type=RSA
140518544565920:error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib:rsa_ameth.c:115:
Using default temp DH parameters
Using default temp ECDH parameters
error setting private key
140518544565920:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:331:

Can anybody point me in the right direction for what I'm doing wrong?

I retranscoded the JKS used directly by the webserver (accepted by all browsers) to a PEM certificate and private key, but I still get the same error from openssl:

openssl s_server -debug -cert server.crt -key server.key
Using default temp DH parameters
Using default temp ECDH parameters
error setting private key
140157841004192:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:331:

How is it possible that all browsers accept the key/cert combination and openssl refuses to use them together?
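
A more general form of the modulus comparison used in the question, as an added example that is not part of the original post: it compares the full public keys (so it also covers non-RSA keys) and reports an unparseable key file separately from a genuine mismatch. The function name `check_pair` and its exit codes are assumptions of this example; it needs the `openssl` CLI and a key file without a passphrase.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): check that a certificate and a
# private key belong together by comparing their public keys.
# Assumes the openssl CLI is installed and the key is not passphrase-protected.

# check_pair CERT KEY
# Returns: 0 = key matches certificate
#          1 = both files parse, but the public keys differ
#          2 = certificate could not be parsed
#          3 = private key could not be parsed
check_pair() {
    local cert=$1 key=$2 cert_pub key_pub

    # Public key embedded in the certificate, as PEM SubjectPublicKeyInfo.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2

    # Public key derived from the private key. "openssl pkey" reads both the
    # traditional (BEGIN RSA PRIVATE KEY) and PKCS#8 (BEGIN PRIVATE KEY) PEM
    # forms; a file it cannot decode is reported as 3, not as a mismatch.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3

    # Both commands emit the same PEM encoding, so string equality is enough.
    [ "$cert_pub" = "$key_pub" ]
}

# When run as a script with two arguments, report the result in words.
if [ "$#" -eq 2 ]; then
    rc=0
    check_pair "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK: private key matches certificate" ;;
        1) echo "MISMATCH: certificate and key hold different public keys" ;;
        2) echo "ERROR: cannot parse certificate $1" ;;
        3) echo "ERROR: cannot parse private key $2" ;;
    esac
    exit "$rc"
fi
```
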

Recommended answer

What does your virtual hosts file look like? Without seeing that file it's hard to tell why you are getting the warning. However, the warning is most likely coming from your virtual hosts file having a different server name than what the SSL cert has been set up for.
Check your virtual hosts file and change

<VirtualHost _default_:443>

to

<VirtualHost *:443>

or even

<VirtualHost yoursevername:443>
