Nginx SSL certificate

Question

I have two files from the certification service : CSR.txt : Looks like this :

    -----BEGIN CERTIFICATE REQUEST-----
Code
-----END CERTIFICATE REQUEST-----

and Private Key with same format

I'm trying to set them up on Nginx but I'm always getting this error

 failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib)

I have renamed file1.txt to domain.crt and file2.txt to domain_key.key

Answer 1

It is hard to tell what you are doing, but it looks like you are confusing a Certificate Signing Request (CSR) with a real Certificate (CRT).

So, in order to configure your nginx server for SSL/TLS, follow these steps:

• Generate a strong RSA key-pair (openssl genrsa ...)
• Generate a Certificate Signing Request (CSR) (openssl req -new ...)
• Send the request to a Certificate Authority (CA)
• Get a signed certificate (CRT) back from your CA

You can then configure your server to use your "server.key" and your "server.crt" files for SSL/TLS encryption.

If you still get a similiar error, try to remove everything before ----- BEGIN CERTIFICATE ----- and after ----- END CERTIFICATE -----.

Answer 2

"the site's identity is not verified", this notification appears in Firefox. This means that the ownership of the domain was not verified by a CA or the organzation is not included on the certificate which provide all the information on the certificate. This happen when the type of certificate do only validate the ownership of the domain via email address or meta tag URL.

See: https://www.globalsign.com/ssl/domain-ssl/