Last active
April 14, 2023 12:44
-
-
Save singhabhinav/132b8196abac026b43fa to your computer and use it in GitHub Desktop.
Install SSL certificate in Nginx (Using .crt & .ca-bundle certificate files)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Step 1 - Create .crt file | |
| cat domainname.crt domainname.ca-bundle > domainname-ssl-bundle.crt | |
| Step 2- | |
| Add lines for ssl_certificate in nginx configuration | |
| server { | |
| listen 80 default_server; | |
| listen [::]:80 default_server ipv6only=on; | |
| listen 443 ssl; | |
| ssl_certificate /etc/ssl/certs/domainname-ssl-bundle.crt; | |
| ssl_certificate_key /etc/ssl/private/domainname.key; | |
| ssl_session_timeout 5m; | |
| ssl_protocols SSLv3 TLSv1; | |
| ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; | |
| ssl_prefer_server_ciphers on; | |
| } |
I have .crt file and .ca-Bundle. but when i configure it according to all above steps it is giving me errot : cannot load certificate key : PEM_read_bio_PrivateKey() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: ANY PRIVATE KEY) I don't have Key file i have only two files mention above. So please let me know what is wrong.
Hi, this helped me - https://stackoverflow.com/a/31736141
TLDR
Mine was ----BEGIN RSA PRIVATE KEY----- vs -----BEGIN RSA PRIVATE KEY-----, it was missing a - character.
Took me an hour to notice the problem.
Hope it helps.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The private key should have been created when you generated your CSR.