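【Posted】: 2021-04-16 10:36:07
【Question】:
I have an SSL certificate (a .crt file) that I got from my host. It contains two parts, both starting with -----BEGIN CERTIFICATE-----. I have split this file into cert.crt and intcert.crt (just assuming that the second part is the intermediate certificate).
In the Apache2 SSL configuration, I have:
# SSL Engine Switch: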
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/apache2/ssl/cert.crt
SSLCertificateKeyFile /etc/apache2/ssl/certificate.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
#SSLCertificateChainFile /etc/apache2/ssl/intcert.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
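However, when trying to restart Apache2, I get the following error in error.log:
AH02562: Failed to configure certificate 213.188.152.189:443:0 (with chain), check /etc/apache2/ssl/cert.crt
[Mon Jan 11 13:50:51.759656 2021] [ssl:emerg] [pid 1400] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Mon Jan 11 13:50:51.759670 2021] [ssl:emerg] [pid 1400] SSL Library Error: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
I don't know what is causing this? Is there some kind of error in my configuration file, or is something else wrong? I had been using this setup before I renewed the certificate just now.
Thank you very much for your help in this matter!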
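OpenSSL's "no start line" means it found no -----BEGIN ...----- line where it expected a PEM block. As an added example (not part of the original post), this Python sketch splits a two-part bundle like the one described and checks the PEM framing of each part; the payloads are constructed placeholders rather than real certificates, and the check covers framing only, not X.509 content.

```python
import base64
import re

# One complete PEM block: BEGIN line at line start, body, matching END line.
PEM_BLOCK = re.compile(
    r"^-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----[ \t\r]*$",
    re.S | re.M)

def split_pem_bundle(text):
    """Return every complete PEM block in a bundle as its own string."""
    return [m.group(0).rstrip() + "\n" for m in PEM_BLOCK.finditer(text)]

def check_pem(text):
    """Return PEM framing problems; an empty list means well-formed."""
    blocks = list(PEM_BLOCK.finditer(text))
    if not blocks:
        return ["no complete BEGIN/END block found"]
    problems = []
    for m in blocks:
        body = "".join(m.group(2).split())
        try:
            base64.b64decode(body, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append(f"{m.group(1)}: body is not valid base64")
    if PEM_BLOCK.sub("", text).strip():
        problems.append("stray text outside BEGIN/END blocks")
    return problems

def _pem(payload):
    # Constructed placeholder block: valid framing, but NOT a real certificate.
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

LEAF = _pem(b"constructed leaf placeholder")
INTERMEDIATE = _pem(b"constructed intermediate placeholder")
BUNDLE = LEAF + INTERMEDIATE  # same layout as the two-part .crt described above

if __name__ == "__main__":
    for name, part in zip(("cert.crt", "intcert.crt"), split_pem_bundle(BUNDLE)):
        print(name, check_pem(part) or "ok")
    # A manual split that lost the BEGIN line of the second part:
    print(check_pem(INTERMEDIATE.split("\n", 1)[1]))
```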
【Discussion】: