SSL install problem - "key value mismatch" (but they do match?)
Question
So I've been sent a new public cert to install on a server (.crt file). Done. Restart apache - "FAILED".
Error message:
[Tue Jan 11 12:51:37 2011] [error] Unable to configure RSA server private key
[Tue Jan 11 12:51:37 2011] [error] SSL Library Error: 185073780 error:0B080074:
x509 certificate routines:X509_check_private_key:key values mismatch
I've checked the key values:
openssl rsa -noout -modulus -in server.key | openssl md5
openssl x509 -noout -modulus -in server.crt | openssl md5
They do match.
I've checked the paths in my ssl.conf file, and they ARE pointing to the correct files.
If I reinstate the old (expired) cert file, apache starts up ok, so it definitely doesn't like something about the new one.
It's a GeoTrust QuickSSL, and it came with an "intermediate.crt" that I'm supposed to use in place of the "ca-bundle.crt" file that I was using before:
SSLCertificateFile /etc/pki/tls/certs/www.domain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.domain.com.key
SSLCACertificateFile /etc/pki/tls/certs/intermediate.crt
Any ideas what I might be doing wrong? Any more info you need?
Thanks!
Recommended answer
I also came across the same error. In my case I had to supply additional CA certificates in the verification chain. And instead of supplying the certificate and the key in separate files, I combined them in a .pem file.
However, when you do this, the order of the key and the certificate plus the intermediate one(s) is important. The correct order:
your private key
your certificate
(intermediate) CA certificate lowest in the hierarchy
other CA certificates higher in the hierarchy...
(intermediate) CA certificate highest in the hierarchy
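
An added example, not part of the original answer: a Python check that a combined .pem file follows the order listed above (private key first, then each certificate followed by its issuer). The function names are this example's own, and it compares issuer and subject names only, without verifying signatures.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Raw DER bytes of the issuer and subject Names of one X.509 certificate."""
    _, pos, _ = read_tlv(der, 0)    # enter Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)  # enter tbsCertificate SEQUENCE
    fields = []
    while len(fields) < 5:
        tag, _, end = read_tlv(der, pos)
        if tag != 0xA0:             # skip the optional [0] version field
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]     # serial, sigAlg, issuer, validity, subject

def check_bundle(pem_text):
    """Return a list of ordering problems; an empty list means the order is as listed."""
    blocks = PEM_RE.findall(pem_text)
    problems = []
    if not blocks or not blocks[0][0].endswith("PRIVATE KEY"):
        problems.append("first block is not the private key")
    # Only certificate bodies are decoded; the key is never parsed.
    certs = [base64.b64decode(body) for label, body in blocks if label == "CERTIFICATE"]
    if not certs:
        return problems + ["no certificate found"]
    names = [issuer_and_subject(der) for der in certs]
    for i in range(1, len(names)):
        # Simplification: Names are compared byte for byte, signatures are not verified.
        if names[i][1] != names[i - 1][0]:
            problems.append(f"certificate {i + 1} is not the issuer of certificate {i}")
    return problems

if __name__ == "__main__":
    import sys
    with open(sys.argv[1]) as fh:   # path to the combined .pem file
        for line in check_bundle(fh.read()) or ["order OK"]:
            print(line)
```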