Nginx SSL problem for ca-bundle

Hi nginx team,

we running nginx + ssl certificate

i configure domain.ca-bundle in nginx

cat domain.ca-bunde >> domainname.crt

and configure

ssl_certificate      /opt/ssl/domain_com.crt;
ssl_certificate_key  /opt/ssl.key/domain_com.key;

when i restart nginx server following below error displayed.

SSL_CTX_use_PrivateKey_file("…/domain com.key") failed (SSL:
error:0B080074:x509 certificate routines:X509_check_private_key:key
values
mismatch)

how to resolve this issue…

Thanks and Regards,
R.Karthik

It’s likely not in the right order. If I remember correctly, it is cert
–> intermediary --> bundle

Also verify there are no white spaces, etc. If you are running Windows
as a desktop, you can copy and paste them out if you’re VERY careful not
to pick up white space or additional lines.

Open it with wordpad, not notepad and copy it out. Otherwise, use an
editor and copy / paste it out (like vi).

Don’t use ‘more’. cat should work as you mentioned but if it’s not in
the correct order, then that could be it. My guess is the key/cert
aren’t matching correctly.

On Wed, Jun 16, 2010 at 09:19:30AM +0530, karthi r wrote:

how to resolve this issue…
Configuring HTTPS servers

$ cat www.nginx.com.crt bundle.crt > www.nginx.com.chained.crt

If the server certificate and the bundle have been concatenated in the
wrong order, nginx will fail to start and will display the error
message:

SSL_CTX_use_PrivateKey_file(" … /www.nginx.com.key") failed
(SSL: error:0B080074:x509 certificate routines:
X509_check_private_key:key values mismatch)

because nginx has tried to use the private key with the bundle’s first
certificate instead of the server certificate.


Igor S.
http://sysoev.ru/en/