loading ssl_certificate from a variable

Sergey A. Osokin osa at freebsd.org.ru
Wed Jun 23 14:24:36 UTC 2021


Hi Dave,

hope you're doing well these days.

On Wed, Jun 23, 2021 at 09:29:46AM -0400, daveb wrote:
> Hello,
> 
> I'm trying to load the cert/key from a variable, based on the documentation
> here:
> https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate
> Using this configuration:
> 
> <snip>
>  server {
>         listen       19099 ssl;
> 
>         set $mycert "-----BEGIN CERTIFICATE----- ...";
>         set $mypkey "-----BEGIN PRIVATE KEY----- ...";
>         ssl_certificate "data:$mycert";  
>         ssl_certificate_key "data:$mypkey";
> 
> <snip>
> 
> When I connect to port 19099, nginx reports this error (v 1.19.7)
> 
> [error] 16408#0: *1 cannot load certificate "data:": PEM_read_bio_X509_AUX()
> failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting:
> TRUSTED CERTIFICATE) while SSL handshaking, client: 127.0.0.1, server:
> 0.0.0.0:19099
> 
> I realize that this might not be a great idea, but I don't understand why
> it's not working. Can someone please explain what's wrong with the config? 

The shared information is not enough to understand what the certificate and
key look like in the configuration file.  My guess is all newlines have
been removed, is that right?  And if so, a certificate won't be handled
correctly without newline breaks.

-- 
Sergey Osokin
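
A way to test the guess in the reply above, as an added example that is not part of the original thread: it classifies a PEM string intended for a "data:" value and rebuilds the line breaks when they were dropped. The function names and the sample PEM (arbitrary bytes, not a real certificate) are assumptions made for illustration, and a single PEM block without header lines is assumed.

```python
import base64
import re

# Constructed sample: 96 arbitrary bytes in PEM armor. Not a real certificate.
_BODY = base64.b64encode(bytes(range(96))).decode()
GOOD_PEM = ("-----BEGIN CERTIFICATE-----\n"
            + "\n".join(_BODY[i:i + 64] for i in range(0, len(_BODY), 64))
            + "\n-----END CERTIFICATE-----\n")

_PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
_B64_LINE = re.compile(r"[A-Za-z0-9+/]+=*")


def diagnose_pem(value: str) -> str:
    """Classify a PEM string meant to be passed as a "data:" value."""
    if not value.strip():
        return "empty"        # nothing would follow the "data:" prefix
    m = _PEM_RE.search(value)
    if m is None:
        return "no-armor"     # BEGIN/END markers missing or mismatched
    label = m.group(1)
    lines = value.strip().splitlines()
    if (len(lines) < 3 or lines[0] != f"-----BEGIN {label}-----"
            or lines[-1] != f"-----END {label}-----"):
        return "flattened"    # markers are not on lines of their own
    if not all(_B64_LINE.fullmatch(line) for line in lines[1:-1]):
        return "bad-body"     # spaces or other stray characters in the body
    return "ok"


def rewrap_pem(value: str) -> str:
    """Rebuild line breaks for a block whose newlines were dropped or became spaces."""
    m = _PEM_RE.search(value)
    if m is None:
        raise ValueError("no PEM BEGIN/END markers found")
    label, body = m.group(1), re.sub(r"\s+", "", m.group(2))
    base64.b64decode(body, validate=True)   # raises binascii.Error if the body is damaged
    rows = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *rows,
                      f"-----END {label}-----"]) + "\n"


if __name__ == "__main__":
    flat = GOOD_PEM.replace("\n", "")        # what a one-line paste looks like
    print(diagnose_pem(flat), "->", diagnose_pem(rewrap_pem(flat)))
```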

