7月 012014
 

 

[root@cp conf]# nginx -t
nginx: [emerg] SSL_CTX_use_PrivateKey_file(“/usr/local/nginx/conf/cert.key”) failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
[root@cp conf]#
2014/06/30 10:13:19 [emerg] 28226#0: SSL_CTX_use_PrivateKey_file(“/usr/local/nginx/conf/cert.key”) failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
比较私钥和证书公钥部分的值

[root@cp conf]# openssl x509 -noout -text -in cert.crt
Modulus:
00:92:2d:90:80:5c:94:ec:67:f1:b9:ee:e2:02:a4:
4d:d2:8a:f3:3f:63:4f:68:ee:a4:63:8f:10:f5:68:
4d:07:b5:40:6e:f0:9c:72:c5:06:78:ef:fe:d6:32:
b3:e6:47:26:d9:46:83:f0:f8:7b:6f:31:a8:a8:6d:
f7:06:5f:0c:11:7f:91:17:ad:f0:57:89:6e:3c:87:
28:f0:e2:84:9c:fc:c0:f3:ea:99:af:44:18:e8:3e:
dc:c0:4c:24:9c:66:a4:7b:72:a0:d6:53:ac:f6:0f:
99:19:bb:26:b9:c4:7c:e1:d4:a1:8e:18:0c:e5:fc:
2e:76:51:cf:c8:62:b4:cb:8b:a9:dc:c4:4e:0b:1f:
ac:e7:66:ab:ae:36:81:db:76:68:c1:d9:63:ae:b0:
48:ff:06:2f:e2:1b:20:72:45:b6:21:38:c3:37:e0:
4d:c0:d7:76:e4:95:8b:d5:8e:d6:66:a7:48:dd:9b:
43:a5:c0:15:98:5a:0b:b4:60:21:7e:ec:89:5e:ff:
3d:5e:bf:ff:19:cf:1c:9d:1c:fa:6d:d4:ff:0c:f1:
ee:e6:de:c2:10:52:d0:af:d9:07:bd:7f:4e:88:6c:
81:13:34:45:d9:16:5c:2b:e8:d2:30:b2:ce:44:f9:
9e:b5:aa:52:e1:69:62:68:d4:56:64:33:f1:e7:5f:
d3:79
Exponent: 65537 (0x10001)
[root@cp conf]# openssl rsa -noout -text -in cert.key
Private-Key: (2048 bit)
modulus:
00:ad:cc:8c:99:c0:9a:d9:43:42:2f:4c:a2:fa:30:
5d:61:a6:0d:cb:ca:67:21:f3:7f:96:81:10:c9:5e:
77:22:41:18:ed:8e:6a:89:1e:c6:06:d0:11:d9:c4:
c0:5b:f6:66:1c:2d:30:45:33:ec:80:7b:10:a5:97:
89:c2:d7:aa:89:73:a9:83:d6:ec:a1:d8:3f:fb:09:
12:76:ad:2a:78:72:de:fb:ec:45:72:ca:c9:09:7e:
35:5b:d5:4e:45:9c:93:43:69:cd:1d:65:11:04:b6:
d9:b4:6a:ef:4c:76:59:71:64:ce:06:17:70:cb:ad:
09:b3:59:73:75:9d:64:d0:b9:a2:fd:02:59:10:ba:
c6:38:1b:d4:11:e6:12:1d:f0:1b:2e:07:e3:af:f4:
f6:f7:49:89:9d:f3:20:47:64:29:10:05:64:c2:28:
ed:fa:15:20:b0:0e:c0:c0:df:0d:3f:cd:fe:4f:e1:
09:e3:73:25:79:d2:d9:c7:b3:f9:97:57:fa:3b:78:
1a:ae:d6:0f:2e:3f:a4:d3:17:d1:95:0d:1f:30:e7:
9c:f6:19:cf:1a:0a:60:5b:5b:0d:ed:27:a5:51:67:
ae:37:4e:a7:cd:e7:01:d5:b3:a1:28:a7:1a:bf:92:
27:7f:ad:11:08:d4:34:21:24:54:66:83:44:97:17:
2f:cb
publicExponent: 65537 (0x10001)
使用相同的CSR重新签发证书

[root@AY1405192126447871b3Z 17858]# openssl x509 -noout -text -in cert.crt
Modulus:
00:ad:cc:8c:99:c0:9a:d9:43:42:2f:4c:a2:fa:30:
5d:61:a6:0d:cb:ca:67:21:f3:7f:96:81:10:c9:5e:
77:22:41:18:ed:8e:6a:89:1e:c6:06:d0:11:d9:c4:
c0:5b:f6:66:1c:2d:30:45:33:ec:80:7b:10:a5:97:
89:c2:d7:aa:89:73:a9:83:d6:ec:a1:d8:3f:fb:09:
12:76:ad:2a:78:72:de:fb:ec:45:72:ca:c9:09:7e:
35:5b:d5:4e:45:9c:93:43:69:cd:1d:65:11:04:b6:
d9:b4:6a:ef:4c:76:59:71:64:ce:06:17:70:cb:ad:
09:b3:59:73:75:9d:64:d0:b9:a2:fd:02:59:10:ba:
c6:38:1b:d4:11:e6:12:1d:f0:1b:2e:07:e3:af:f4:
f6:f7:49:89:9d:f3:20:47:64:29:10:05:64:c2:28:
ed:fa:15:20:b0:0e:c0:c0:df:0d:3f:cd:fe:4f:e1:
09:e3:73:25:79:d2:d9:c7:b3:f9:97:57:fa:3b:78:
1a:ae:d6:0f:2e:3f:a4:d3:17:d1:95:0d:1f:30:e7:
9c:f6:19:cf:1a:0a:60:5b:5b:0d:ed:27:a5:51:67:
ae:37:4e:a7:cd:e7:01:d5:b3:a1:28:a7:1a:bf:92:
27:7f:ad:11:08:d4:34:21:24:54:66:83:44:97:17:
2f:cb
Exponent: 65537 (0x10001)
[root@AY1405192126447871b3Z 17858]# openssl rsa -noout -text -in cert.key
Private-Key: (2048 bit)
modulus:
00:ad:cc:8c:99:c0:9a:d9:43:42:2f:4c:a2:fa:30:
5d:61:a6:0d:cb:ca:67:21:f3:7f:96:81:10:c9:5e:
77:22:41:18:ed:8e:6a:89:1e:c6:06:d0:11:d9:c4:
c0:5b:f6:66:1c:2d:30:45:33:ec:80:7b:10:a5:97:
89:c2:d7:aa:89:73:a9:83:d6:ec:a1:d8:3f:fb:09:
12:76:ad:2a:78:72:de:fb:ec:45:72:ca:c9:09:7e:
35:5b:d5:4e:45:9c:93:43:69:cd:1d:65:11:04:b6:
d9:b4:6a:ef:4c:76:59:71:64:ce:06:17:70:cb:ad:
09:b3:59:73:75:9d:64:d0:b9:a2:fd:02:59:10:ba:
c6:38:1b:d4:11:e6:12:1d:f0:1b:2e:07:e3:af:f4:
f6:f7:49:89:9d:f3:20:47:64:29:10:05:64:c2:28:
ed:fa:15:20:b0:0e:c0:c0:df:0d:3f:cd:fe:4f:e1:
09:e3:73:25:79:d2:d9:c7:b3:f9:97:57:fa:3b:78:
1a:ae:d6:0f:2e:3f:a4:d3:17:d1:95:0d:1f:30:e7:
9c:f6:19:cf:1a:0a:60:5b:5b:0d:ed:27:a5:51:67:
ae:37:4e:a7:cd:e7:01:d5:b3:a1:28:a7:1a:bf:92:
27:7f:ad:11:08:d4:34:21:24:54:66:83:44:97:17:
2f:cb
publicExponent: 65537 (0x10001)

重新检查nginx配置,重新加载配置并查看443端口监听
[root@cp conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@cp conf]# nginx -s reload
[root@cp conf]# netstat -ltn |grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
[root@cp conf]#

 

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据