Nginx - 使用现有的 .crt、.key 和 CA.pem 文件设置 SSL [英] Nginx - setting up SSL with existing .crt, .key and CA.pem files
问题描述
我有一个 .crt
、.key
和 CA.pem
生成的文件 像这样.
I have a .crt
, .key
and CA.pem
files that were generated like this.
这些证书是项目范围的,它们在启动 webpack-dev-server HTTPS 上的服务器,例如:
These certs are kind of project-wide, and they work when firing up a webpack-dev-server server on HTTPS like:
devServer: {
https: {
key: fs.readFileSync('/path/to/example.com.key'),
cert: fs.readFileSync('/path/to/examle.com.crt'),
ca: fs.readFileSync('/path/to/CA.pem'),
}
}
现在我需要使用这 3 个文件设置 Nginx 服务器,但我一直在尝试,但没有成功.这是我的配置:
Now I need to setup an Nginx server using these 3 files, but I've been trying with no luck. Here's my config:
server {
listen 3000;
ssl_certificate certs/example.com.crt;
ssl_certificate_key certs/example.com.key;
# where does the CA.pem file go??
}
这样做的结果是 Chrome 给了我一个
The result of this is Chrome giving me a
This site can’t provide a secure connection
example.com sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
Nginx 日志显示随机十六进制字符:
Nginx logs show random hex characters:
172.18.0.1 - - [14/Dec/2018:18:01:55 +0000] "\x16\x03\x01\x00\xDD\x01\x00\x00\xD9\x03\x03\xAB\xE1\xB3\x1F\xCE\x02\x02\xC5}q\xDFgd\xF1`\xC1m\x8E\x99\xCE' \x98\xDF\xDEEg\x8Fm\xED\x9F\xB1\x00\x00\x1C" 400 166 "-" "-" "-" 0.001 -
知道我做错了什么吗?
推荐答案
您需要将您的证书与 nginx 的 CA 连接起来:
You need to concatenate your certificate with CA for nginx:
cp example.com.crt example.com.fullchain.pem
cat CA.pem >> example.com.fullchain.pem
并在 nginx 配置中使用此文件:
and use this file in nginx config:
ssl_certificate certs/example.com.fullchain.pem;
这篇关于Nginx - 使用现有的 .crt、.key 和 CA.pem 文件设置 SSL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!