Hello!
On Tue, Oct 15, 2013 at 09:13:52AM -0400, gaspy wrote:
> I have a strange problem with SLL.
>
> I purchased a SSL cert and combined the intermediary files into one:
> cat www_mydomain_com.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt >>
> mydomain-budle.crt
>
> In the server conf I have the following:
>
> server
> {
> listen 80;
> listen 443 ssl;
>
> server_name www.mydomain.com;
> root /var/www/mydomain/;
>
> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
> ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
> ssl_certificate /etc/nginx/conf/mydomain-bundle.crt;
> ssl_certificate_key /etc/nginx/conf/server.key;
> ssl_session_cache shared:SSL:10m;
> ssl_session_timeout 10m;
> ssl_verify_depth 2;
> ...
> }
>
> SSL doesn't work and error log shows
> no "ssl_certificate" is defined in server listening on SSL port while SSL
> handshaking, client: x.x.x.x, server: 0.0.0.0:443
>
> What's wrong? Of course, the file exists, I restarted the server. I tried
> everything I could think of (absolute path, I added ssl_verify_depth,
> verified that in the crt file the END/BEGIN blocks are on separate lines)
The message suggests you have another server{} listening on the
same port, without ssl_certificate defined, and it's selected
based on SNI.
--
Maxim Dounin
http://nginx.org/en/donation.html
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx