I have to install a cert for an application running over IP address, 192.168.1.34, the application has to be accessed on https://192.168.1.34:9090
. Our integrating partner requested a CSR from me which I generated with OpenSSL for the IP address. He signed it and return a cert and chain. According to how I have been installing certs on nginx, i have to concatenate the Cert and the Intermediate then use it with the key I generated in order for the app to work with SSL.
Now I repeated the same thing, and I get this error
nginx: [emerg] PEM_read_bio_X509("/etc/ssl/192.168.1.34.crt") failed (SSL: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:Type=X509_CINF error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:Field=cert_info, Type=X509 error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib)
nginx: configuration file /etc/nginx/nginx.conf test failed
That error message generally indicates a formatting error in the certificate file. You need to make sure all of your
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
lines are there, that there's no trailing white space after them or any piece of the certs, no unnecessary blank lines, etc.It's likely something got messed up when you concatenated.