SSL 证书不起作用 - “无起始行"错误 - Apache2 Ubuntu 16.04.1 [英] SSL Certificate not working - "no start line" Error - Apache2 Ubuntu 16.04.1
问题描述
我们正在办公室设置一个新的子域并使用我们拥有的通配符 SSL 证书.我已经创建了我的密钥和我的 csr 文件.然后我发送到 csr 文件以获取我们现在拥有的 cer 文件.(我将发布我运行得更远的命令).然后,我将文件复制到/etc/ssl/private 和/etc/ssl/certs 文件夹中,并在为我们的新域使用 a2ensite 后更新了 apache conf 文件.尝试重启apache时,显示如下错误信息:
SSL 库错误:错误:0906D06C:PEM 例程:PEM_read_bio:没有起始行(期望:受信任证书)-- 文件内容或格式错误- 甚至只是忘记了 SSLCertificateKeyFile?>
到目前为止我运行过的 Bash 命令(我省略了域名):
openssl genrsa -des3 -out [域].key 2048openssl rsa -in star.[domain].key -out star.[domain].key.insecuremv star.[domain].key star.[domain].key.securemv star.[domain].key.insecure star.[domain].keyopenssl req -new -key star.[domain].key -out star.[domain].csr当我们的域在创建时被请求 *.[domain] 被输入,而不是 star.[domain],因为这是我们的提供商所要求的.然后我们将我们的 csr 文件发送给我们的提供商,并收到了我们的 .cer.
我将 .cer 复制到/etc/ssl/certs/star.[domain].cer 和/etc/ssl/private/star.[domain].key 然后更新了 apache conf 文件 [subdomain].[domain].conf 包含以下内容:
ServerAdmin IT@[域]服务器名称 [子域].[域]ServerAlias [子域].[域]SSLCertificateFile/etc/ssl/certs/star.[domain].cerSSLCertificateKeyFile/etc/ssl/private/star.[domain].key保存并重新启动 apache (service apache2 restart) 后,出现上述错误.
我最终解决了这个问题.证书以 pkcs7 格式编码,Ubuntu 不喜欢这种格式.我使用以下命令将证书转换为 PEM,现在一切都已启动并运行.
openssl pkcs7 -print_certs -in certificate.cer -out certificate.pemWe're setting up a new subdomain at the office and using our wildcard SSL Cert we have. I've created my key, and my csr files. I've then sent to csr file off to get our cer file, which i now have. (I will posted commands I've run further down). I've then copied the files into the /etc/ssl/private and /etc/ssl/certs folders, and updated the apache conf file, after using a2ensite for our new domain. When trying to restart apache, the following error message is displayed:
SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
Bash commands i've run so far (I have omitted out domain name):
openssl genrsa -des3 -out [domain].key 2048
openssl rsa -in star.[domain].key -out star.[domain].key.insecure
mv star.[domain].key star.[domain].key.secure
mv star.[domain].key.insecure star.[domain].key
openssl req -new -key star.[domain].key -out star.[domain].csr
When our domain was requested in the creation *.[domain] was entered, rather than star.[domain], as this is what is required by our provider. We then sent our csr file to our provider, and received our .cer back.
I copied the .cer to /etc/ssl/certs/star.[domain].cer and /etc/ssl/private/star.[domain].key and then updated the apache conf file [subdomain].[domain].conf with the following:
ServerAdmin IT@[domain]
ServerName [subdomain].[domain]
ServerAlias [subdomain].[domain]
SSLCertificateFile /etc/ssl/certs/star.[domain].cer
SSLCertificateKeyFile /etc/ssl/private/star.[domain].key
After saving and restarting apache (service apache2 restart), I am presented with the above error.
I resolved this in the end. The Cert was encoded in pkcs7 format, which Ubuntu doesn't like. I converted the cert into PEM, using the below command, and everything is up and running now.
openssl pkcs7 -print_certs -in certificate.cer -out certificate.pem
这篇关于SSL 证书不起作用 - “无起始行"错误 - Apache2 Ubuntu 16.04.1的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
