Private Key format errors

I'm using nginx to set up SSL connections, but my keys aren't working.

When I restart nginx I get the following error:

Restarting nginx: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/home/[user]/CC/[domain].com.key.pem") failed (SSL: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:Field=algorithm, Type=X509_ALGOR error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:Field=algor, Type=X509_SIG error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)

nginx.

I have the key from the original request, but it says the format is wrong. In order to check myself I made a new key in a different folder and that one works fine (asks for the password, etc.)

The top is the key I want to work, and the bottom is the key that does work. Do you notice anything different with the format? I have removed middle characters to keep security, but the format is unchanged.

$ cat [domain]com.key.pem 
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAALYmQ==
-----END ENCRYPTED PRIVATE KEY-----
$ cat 2/[domain]com.key.pem 
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+RM=
-----END ENCRYPTED PRIVATE KEY-----

This seems to arise when you have repeated unlockings in a short period of time, especially when you enter your passphrase incorrectly a few times. I think this might be a security policy that OpenSSL is enforcing about repeated unlocking of an unchanged certificate. Or maybe it's a cache issue. But marking the file as "changed" is enough to reset the (security?) cache:

$ touch /path/to/key.pem

Depending on what permissions you have on the key, you may have to use sudo.
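The nginx error above reports a wrong ASN.1 tag in the `algor` field of an `X509_SIG`, the structure OpenSSL uses to parse an ENCRYPTED PRIVATE KEY block. The following is an added example, not part of the original question or answer, that checks that outer structure of such a file without the passphrase; the function names and the sample bytes are constructed for illustration.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN ENCRYPTED PRIVATE KEY-----\s*(.+?)\s*"
                    r"-----END ENCRYPTED PRIVATE KEY-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length runs past end of data")
    return tag, pos, pos + length

def check_encrypted_pkcs8(pem_text):
    """Return 'ok' or the reason the block is not SEQUENCE{SEQUENCE, OCTET STRING}."""
    m = PEM_RE.search(pem_text)
    if not m:
        return "no ENCRYPTED PRIVATE KEY block"
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
        tag, start, end = read_tlv(der, 0)
        if tag != 0x30 or end != len(der):
            return "outer element is not one complete SEQUENCE"
        tag, _, alg_end = read_tlv(der, start)
        if tag != 0x30:
            return "wrong tag for algorithm field"
        tag, _, data_end = read_tlv(der, alg_end)
        if tag != 0x04 or data_end != end:
            return "wrong tag or length for encrypted data"
    except ValueError as exc:             # binascii.Error is a ValueError
        return f"malformed: {exc}"
    return "ok"

def to_pem(der):
    return ("-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + base64.b64encode(der).decode()
            + "\n-----END ENCRYPTED PRIVATE KEY-----\n")
# Constructed sample, not a real key: SEQUENCE { SEQUENCE { OID }, OCTET STRING }
SAMPLE_DER = bytes.fromhex("3017" "300b06092a864886f70d01050d" "04080001020304050607")
GOOD_PEM = to_pem(SAMPLE_DER)
BAD_PEM = to_pem(SAMPLE_DER[:2] + b"\x02" + SAMPLE_DER[3:])  # algorithm tag corrupted
```

Calling `check_encrypted_pkcs8(open(path).read())` on a key file reports the first structural problem found; a result of `ok` only means the envelope parses, not that the passphrase or the encrypted contents are valid.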
