Skip to main content

Unable to install a Custom Cert [Resolved]

I have to install a cert for an application running over IP address, 192.168.1.34, the application has to be accessed on https://192.168.1.34:9090. Our integrating partner requested a CSR from me which I generated with OpenSSL for the IP address. He signed it and return a cert and chain. According to how I have been installing certs on nginx, i have to concatenate the Cert and the Intermediate then use it with the key I generated in order for the app to work with SSL.

Now I repeated the same thing, and I get this error

nginx: [emerg] PEM_read_bio_X509("/etc/ssl/192.168.1.34.crt") failed (SSL: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:Type=X509_CINF error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:Field=cert_info, Type=X509 error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib)
nginx: configuration file /etc/nginx/nginx.conf test failed

Question Credit: saviour123
Question Reference
Asked June 12, 2019
Posted Under: Network
15 views
1 Answers

That error message generally indicates a formatting error in the certificate file. You need to make sure all of your -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines are there, that there's no trailing white space after them or any piece of the certs, no unnecessary blank lines, etc.

It's likely something got messed up when you concatenated.


credit: omniomi
Answered June 12, 2019
Your Answer