Re: loading ssl_certificate from a variable

Sergey Kandaurov
June 23, 2021 10:24AM
> On 23 Jun 2021, at 16:29, daveb <nginx-forum@forum.nginx.org> wrote:
>
> Hello,
>
> I'm trying to load the cert/key from a variable, based on the documentation
> here:
>
> https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate
>
> Using this configuration:
>
> <snip>
> server {
> listen 19099 ssl;
>
> set $mycert "-----BEGIN CERTIFICATE----- ...";
> set $mypkey "-----BEGIN PRIVATE KEY----- ...";
> ssl_certificate "data:$mycert";
> ssl_certificate_key "data:$mypkey";
>
> <snip>
>
> When I connect to port 19099, nginx reports this error (v 1.19.7)
>
> [error] 16408#0: *1 cannot load certificate "data:": PEM_read_bio_X509_AUX()
> failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting:
> TRUSTED CERTIFICATE) while SSL handshaking, client: 127.0.0.1, server:
> 0.0.0.0:19099

The error indicates an empty value.
This is because "set" variables are not yet handled while SSL handshaking.
You might want to replace it with e.g. geo or map that use global context.

The more intended way is loading certificates with perl or njs:
https://hg.nginx.org/nginx-tests/file/tip/ssl_certificate_perl.t

--
Sergey Kandaurov

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
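
The `map` alternative mentioned in the reply, sketched as an added example (not code from the thread or from the nginx project). It reuses the port and variable names from the question; keying the map on `$ssl_server_name` is an assumption, and the PEM bodies are placeholders.

```nginx
# Added example. The "..." PEM bodies are placeholders, not real material.
http {
    # map is declared at http level and its value is computed on demand,
    # so it is available during the TLS handshake. "set" belongs to the
    # rewrite module and only runs once a request is being processed,
    # which is why "data:$mycert" expanded to an empty "data:" above.
    map $ssl_server_name $mycert {
        default "-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----";
    }

    map $ssl_server_name $mypkey {
        default "-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----";
    }

    server {
        listen 19099 ssl;

        # With the private key inline, the configuration file itself
        # needs the same restrictive permissions as a key file.
        ssl_certificate     "data:$mycert";
        ssl_certificate_key "data:$mypkey";
    }
}
```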