Nginx with SSL Connection Error

2

I created an SSL certificate to test on the server and configured in Nginx as follows:

# HTTPS server
#
server {
    listen 443;
    server_name kriaki.com.br;

    root /home/ubuntu/public_kriaki;
    index index.html index.htm;

    ssl on;
    ssl_certificate /etc/nginx/ssl/kriaki.com.br.cert;
    ssl_certificate_key /etc/nginx/ssl/kriaki.com.br.key;
#
#   ssl_session_timeout 5m;
#
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
#   ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
#   ssl_prefer_server_ciphers on;
#
#   location / {
#       try_files $uri $uri/ =404;
#   }
}

I saved and used the following command to check that everything is ok:

sudo nginx -t -c /etc/nginx/nginx.conf

And everything was ok. I restarted Nginx and went to the URL with https://, and the browser returned the error: Código de erro: ERR_SSL_PROTOCOL_ERROR

Is the error in the certificate? But I did it as I always do:

sudo openssl req -new -newkey rsa:2048 -nodes -keyout kriaki.com.br.key -out kriaki.com.br.csr
sudo openssl x509 -in kriaki.com.br.csr -out kriaki.com.br.cert -req -signkey kriaki.com.br.key -days 30

What could it be?

  • I solved it here: in the configuration file default I had another certificate enabled, and for some reason it caused a conflict. I have other domains on the server, and when I access them over https:// they try to use the certificate I put up there, which is specific to that domain. I set server_name to kriaki.com.br, of course, so why are the other domains also carrying the same certificate of kriaki.com.br?

  • Gilson, answer your own question and describe in detail how you did it. After two days, mark it as correct.

2 answers

2

As I was testing settings in Nginx, the configuration file default, which is in /etc/nginx/sites-available/default, already had an SSL configuration for another domain. Probably with the two together, and the SSL feature of one IP per SSL, they were giving these SSL errors on access. I left only one and it works normally. But as I only needed one domain with SSL, I left it that way anyway.
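
Added example (not part of the answer above, and not the asker's configuration): a small Python check that reads a constructed `nginx -T`-style dump and reports which server block and certificate nginx would answer with for a given host name when several TLS blocks share port 443. The domain `example.org`, the name `other-domain.example` and the `sites-enabled` file paths are assumptions; only exact `server_name` matches are handled and the listen address is ignored.

```python
import re
WANTED = ("listen", "server_name", "ssl_certificate")

# Constructed sample in `nginx -T` style; example.org and the file split are assumptions.
SAMPLE = """\
# configuration file /etc/nginx/sites-enabled/default:
server {
    listen 443 ssl;
    server_name example.org;
    ssl_certificate /etc/nginx/ssl/example.org.cert;
}
# configuration file /etc/nginx/sites-enabled/kriaki:
server {
    listen 443 ssl;
    server_name kriaki.com.br;
    ssl_certificate /etc/nginx/ssl/kriaki.com.br.cert;
}
"""

def server_blocks(dump):
    """One dict per server{} block, in the order nginx reads them (one directive per line)."""
    blocks, cur, depth, src = [], None, 0, "?"
    for raw in dump.splitlines():
        marker = re.match(r"# configuration file (.+):$", raw)
        src = marker.group(1) if marker else src
        code = raw.split("#", 1)[0]          # drop comments
        words = code.replace(";", " ").split()
        if cur is None:
            if re.match(r"\s*server\s*\{", code):
                cur, depth = {"file": src, **{k: [] for k in WANTED}}, 1
            continue
        depth += code.count("{") - code.count("}")
        if depth == 0:                       # closing brace of the server block
            blocks.append(cur)
            cur = None
        elif depth == 1 and words and words[0] in WANTED:
            cur[words[0]].append(words[1:])  # skip directives nested in location{}
    return blocks

def certificate_for(blocks, host, port=443):
    """(file, certificate) for this SNI name; no match or no SNI falls to the default block."""
    tls = [b for b in blocks
           if any(a and a[0].rsplit(":", 1)[-1] == str(port) for a in b["listen"])]
    if not tls:
        return None
    default = next((b for b in tls if any("default_server" in a for a in b["listen"])), tls[0])
    chosen = next((b for b in tls if any(host in n for n in b["server_name"])), default)
    certs = chosen["ssl_certificate"]
    return chosen["file"], certs[0][0] if certs else None
```

Calling `certificate_for(server_blocks(SAMPLE), "other-domain.example")` returns the first block's certificate, because a name that no port-443 block lists is served by the default block for that port.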

0

You can still create a server block for every certified domain you have...

Do you need to declare

ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; ?

This can cause errors with clients using other types of ciphers.

  • Actually this line is there, but it is not active, note that there is a # in front.

  • You mentioned the server block, but that's if I have a dedicated IP for each certificate, correct?
