search cancel

NGINX X509_check_private_key:key values mismatch when restarting Mobility services

book

Article ID: 162339

calendar_today

Updated On:

Products

Mobility Suite

Issue/Introduction

The Symantec Mobility mm-nginx service cannot start.

msg=output: Starting nginx:                                [FAILED]
msg=errors: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/usr/local/nukona/certs/configurator/sign.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
 

Cause

The private key file located in /usr/local/nukona/certs/configurator/sign.key does not match the SSL certificate found in /usr/local/nukona/certs/nginx.crt.  This most commonly is caused by changing the sign.crt file while not also updating the nginx.crt file.  

Resolution

If you have updated the SSL certificate on a Mobility 5.3 server, you probably encounteredfollowing error message when attempting to start the mm-nginx service:

msg=output: Starting nginx:                                [FAILED]

msg=errors: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/usr/local/nukona/certs/configurator/sign.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)

This is shown because there is a new SSL certificate as 5.3 and later now uses NGINX in conjunction with Apache for processing web requests.  If the sign.crt file located in /usr/local/nukona/certs/configurator/ is the updated certificate, run the following commands, as root:

cat /usr/local/nukona/certs/configurator/sign.crt > ~/nginx.crt
cat /usr/local/nukona/certs/configurator/gd_bundle.crt >> ~/nginx.crt
mv /usr/local/nukona/certs/configurator/nginx.crt /tmp/
cp ~/nginx.crt /usr/local/nukona/certs/configurator/
service mm-nginx restart