Comodo SSL

Hello,

I am trying to run HTTPS with a Comodo SSL certificate. I used the following
tutorial:

I used cat to write one crt file. The configuration:

listen 80;
listen 443 ssl spdy;

ssl on;
ssl_certificate /etc/nginx/keys/silviosiefke_com.crt;
ssl_certificate_key /etc/nginx/keys/silviosiefke_com.key;
ssl_protocols SSLv3 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM EDH+AESGCM EECDH -RC4 EDH -CAMELLIA -SEED !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";

But nginx will not work. At first nginx gives me only:

ks3374456 keys # rc-service nginx restart

  • Checking nginx' configuration ...
    nginx: [emerg]
    PEM_read_bio_X509_AUX("/etc/nginx/keys/silviosiefke_com.crt") failed
    (SSL: error:0906D066:PEM routines:PEM_read_bio:bad end line)
    nginx: configuration file /etc/nginx/nginx.conf test failed
    nginx: [emerg]
    PEM_read_bio_X509_AUX("/etc/nginx/keys/silviosiefke_com.crt") failed
    (SSL: error:0906D066:PEM routines:PEM_read_bio:bad end line)
    nginx: configuration file /etc/nginx/nginx.conf test failed
  • failed, please correct errors above
    [ !! ]
  • ERROR: nginx failed to stop

I think it was the begin and end lines from the cat command. I cleaned the file
and now nginx starts and stops, but the connection will not work.

In Opera 12.16 only this comes up: Sichere Verbindung: Schwerer Fehler (552),
the same in Chrome. I do not have Firefox on the system.

Does someone have experience with Comodo and can describe the way for nginx?

Thanks for help & Nice Day
Silvio
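
Added example, not part of the original post: the "bad end line" error above is what OpenSSL reports when plain cat joins certificate files that lack a trailing newline, leaving an END marker fused to the next BEGIN marker on one line. The function names, file names and certificate bodies below are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect and avoid fused PEM markers in a certificate bundle.

# pem_fused FILE: exit 0 if an END marker runs straight into a BEGIN marker.
pem_fused() {
    grep -q -e '-----END CERTIFICATE----------BEGIN CERTIFICATE-----' "$1"
}

# pem_bundle OUT IN...: join PEM files so every marker sits on its own line.
pem_bundle() {
    out=$1; shift
    : > "$out"
    for f in "$@"; do
        # Strip CRs from Windows-edited files and drop blank lines; awk also
        # terminates the last line with a newline if the input lacked one.
        tr -d '\r' < "$f" | awk 'NF' >> "$out"
    done
}

# pem_count FILE: number of well-formed BEGIN/END certificate blocks.
pem_count() {
    awk '/^-----BEGIN CERTIFICATE-----$/ {inblk=1; next}
         /^-----END CERTIFICATE-----$/ && inblk {n++; inblk=0}
         END {print n+0}' "$1"
}

demo() {
    d=$(mktemp -d)
    # Constructed placeholder bodies (not real certificates), no final newline.
    printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'U0VSVkVS' \
        '-----END CERTIFICATE-----' > "$d/site.crt"
    printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'SU5URVJN' \
        '-----END CERTIFICATE-----' > "$d/ca.crt"
    cat "$d/site.crt" "$d/ca.crt" > "$d/bad.crt"          # naive join
    pem_bundle "$d/good.crt" "$d/site.crt" "$d/ca.crt"    # safe join
    for f in bad good; do
        if pem_fused "$d/$f.crt"; then s=fused; else s=ok; fi
        echo "$f.crt: $s, $(pem_count "$d/$f.crt") well-formed block(s)"
    done
    rm -rf "$d"
}
demo
```

In the bundle nginx reads through ssl_certificate, the server certificate goes first and the intermediate certificates follow; run nginx -t after rebuilding the file.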

Using LMGTFY - Let Me Google That For You
I found http://drewsymo.com/2013/11/fixing-openssl-error/

B. R.

On Thu, 17 Apr 2014 17:43:13 +0200 "B.R." [email protected] wrote:

> Using LMGTFY - Let Me Google That For You
> I found http://drewsymo.com/2013/11/fixing-openssl-error/

That is fixed. I can use Google, thank you. But I did not use Google;
I opened the file and fixed these lines. That's not the problem, but
now I get no message, no log entries, nothing. Only the browser
says Fehlercode: ERR_SSL_PROTOCOL_ERROR

> B. R.

Thank you for help & Nice Day
Silvio

if your site is silviosiefke.com, there is no tls-service available on
port 443

can you please paste the output of nginx -t / nginx -V ?

########################################################
testssl.sh v2.0rc2 (https://testssl.sh)
########################################################

Using "OpenSSL 1.0.1g 7 Apr 2014" on

On port 443 @ silviosiefke.com seems a server but not TLS/SSL enabled.
Ignore? ^C

Posted at Nginx Forum:

Hello,

I had some problems with Comodo SSL certs, too. I don't know your error
message, but the Howto which you linked here is old. It looks like
Comodo had to replace their certificate chain and did not update the
howto.

I used portecle (you can get it from sf.net) to examine the certificates.

rgds, Axel

Hello,

On Thu, 17 Apr 2014 15:11:19 -0400 "mex" [email protected] wrote:

> if your site is silviosiefke.com, there is no tls-service available
> on port 443

I have checked with nmap; it tells me it is open.

> can you please paste the output of nginx -t / nginx -V ?

ks3374456 siefke # nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

ks3374456 siefke # nginx -V
nginx version: nginx/1.4.7
TLS SNI support enabled
configure arguments: --prefix=/usr --conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error_log --pid-path=/run/nginx.pid
--lock-path=/run/lock/nginx.lock --with-cc-opt=-I/usr/include
--with-ld-opt=-L/usr/lib --http-log-path=/var/log/nginx/access_log
--http-client-body-temp-path=//var/lib/nginx/tmp/client
--http-proxy-temp-path=//var/lib/nginx/tmp/proxy
--http-fastcgi-temp-path=//var/lib/nginx/tmp/fastcgi
--http-scgi-temp-path=//var/lib/nginx/tmp/scgi
--http-uwsgi-temp-path=//var/lib/nginx/tmp/uwsgi --with-ipv6 --with-pcre
--add-module=/var/tmp/portage/www-servers/nginx-1.4.7/work/nginx_syslog_patch-165affd9741f0e30c4c8225da5e487d33832aca3
--without-http_limit_conn_module --with-http_addition_module
--with-http_dav_module --with-http_flv_module --with-http_geoip_module
--with-http_gunzip_module --with-http_gzip_static_module
--with-http_mp4_module --with-http_perl_module
--with-http_random_index_module --with-http_realip_module
--with-http_spdy_module --with-http_stub_status_module
--with-http_sub_module --with-http_xslt_module
--with-http_realip_module
--add-module=/var/tmp/portage/www-servers/nginx-1.4.7/work/headers-more-nginx-module-0.25
--add-module=/var/tmp/portage/www-servers/nginx-1.4.7/work/nginx_http_push_module-0.712
--add-module=/var/tmp/portage/www-servers/nginx-1.4.7/work/ngx_slowfs_cache-1.10
--add-module=/var/tmp/portage/www-servers/nginx-1.4.7/work/ngx-fancyindex-0.3.3
--add-module=/var/tmp/portage/www-servers/nginx-1.4.7/work/ngx_http_auth_pam_module-1.3
--add-module=/var/tmp/portage/www-servers/nginx-1.4.7/work/nginx-dav-ext-module-0.0.3
--add-module=/var/tmp/portage/www-servers/nginx-1.4.7/work/nginx-push-stream-module-0.4.0
--with-http_ssl_module --without-mail_imap_module
--without-mail_pop3_module --without-mail_smtp_module --user=nginx
--group=nginx

> ########################################################
> testssl.sh v2.0rc2 (https://testssl.sh)
> ########################################################
>
> Using "OpenSSL 1.0.1g 7 Apr 2014" on
>
> On port 443 @ silviosiefke.com seems a server but not TLS/SSL enabled.
> Ignore? ^C

Hmm, that I do not understand. With cacert.org the server runs without problems,
but the problem is that cacert is not accepted by most browsers. Why does it not
accept the Comodo SSL?

Thank you for help & Nice Day
Silvio