Error while using SSL

[David Vermeir]

Hi,

I'm trying to use the SSL 'only' mode for keystone with a self-signed certificate but when I try to start the server I get the following error:

crypto.js:104

  if (options.cert) c.context.setCert(options.cert);

                              ^

Error: error:0906D06C:PEM routines:PEM_read_bio:no start line

  at Object.exports.createCredentials (crypto.js:104:31)

  at Server (tls.js:1130:28)

  at new Server (https.js:35:14)

  at Object.exports.createServer (https.js:54:10)...

I tried it with a seperate key/csr file and with a single file in the pem format. Same error on both. 

[Nicolas Embleton]

Is your cert readable to the node user (permissions)?  What's the CERT path + filename? 

Seems the problem is from the Cert itself. 

[David Vermeir]

I'm testing this on a local server so the path is the following

'ssl key': 'server.pem',

'ssl cert': 'server.pem'

[David Vermeir]

I found the problem. When you follow the Heroku docs on creating a key, you end up with 3 files. A .crt, .csr and .key.

I mistakenly concatenated the csr and key instead of the crt and key into a pem file.

https://devcenter.heroku.com/articles/ssl-certificate-self

[Nicolas Embleton]

Those 2 files should not be the same. How did you generate your files? There should be another file with it. 

If you look here, you can see the difference: http://nodejs.org/api/https.html

[Nicolas Embleton]

Oh gotcha. Cool. 

Otherwise this SO ticket is quite good: http://stackoverflow.com/questions/12871565/how-to-create-pem-files-for-https-web-server

Cheers,

Nicolas.

[farbod Aprin]

openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out csr.pem

openssl x509 -req -days 365 -in csr.pem -signkey key.pem -out server.crt

had same Error before,  on Mac I have three file which were needed .ca .crt .key