ListenAndServerTLS不断失败，并显示错误：未能在证书输入中找到任何PEM数据

I bought an SSL certificate from Godaddy for a web site. I added the files in the server and run the service and it just returns an error:

failed to find any PEM data in certificate input

I used cat to generate a server.pem file with all the files, even added a godaddy pem intermediate pem file they provide for a G2 Certificate Chain and nothing.

cat generated-private-key.txt > server.pem
cat 678f65b8a7391017.crt >> server.pem
cat gd_bundle-g2-g1.crt >> server.pem
cat gdig2.crt.pem >> server.pem

Using self signed certificate works but off course it's not usable in real world.

Code attempt 1:

log.Fatal(http.ListenAndServeTLS(fmt.Sprintf("%s:%d", configuration.HttpServer.Address, configuration.HttpServer.Port), "server.pem", "generated-private-key.txt", router))

Code attempt 2:

    cert, err := tls.LoadX509KeyPair("server.pem","generated-private-key.txt")
    if err != nil {
        log.Fatalf("server: loadkeys: %s", err)
    }
    pem, err := ioutil.ReadFile("gd_bundle-g2-g1.crt")
    if err != nil {
        log.Fatalf("Failed to read client certificate authority: %v", err)
    }
    certpool := x509.NewCertPool()
    if !certpool.AppendCertsFromPEM(pem) {
        log.Fatalf("Can't parse client certificate authority")
    }
    tlsConfig := &tls.Config{
        ClientCAs:    certpool,
        Certificates: []tls.Certificate{cert},
    }

    srv := &http.Server{
        Addr: fmt.Sprintf("%s:%d", configuration.HttpServer.Address, configuration.HttpServer.Port),
        Handler: router,
        ReadTimeout: time.Duration(5) * time.Second,
        WriteTimeout: time.Duration(5) * time.Second,
        TLSConfig: tlsConfig,
    }
    log.Fatal(srv.ListenAndServeTLS("678f65b8a7391017.crt","generated-private-key.txt"))

Both give the same error.

I need to have this up and running as I already have the back-end done but now I just want to enable HTTPS for productive environment.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

3条回答默认最新

dsaxw4201 2019-05-08 01:29

关注

I've struggled with this myself and I think your issue here is that you need to process the keys before presenting for the http.Server, and you'll need to include the RootCA. I've downloaded an SSL from GoDaddy (using the Other option) and grabbed their gd_bundle-g2.crt RootCA from here. Once you've grabbed that, create a function like below (added a gist here):

func genTLS() (*tls.Config, error) {
    caCert, err := ioutil.ReadFile("/home/sborza/gd_bundle-g2.crt")
    if err != nil {
            return nil, fmt.Errorf("read root cert: %s", err.Error())
    }

    // **** START PRIV KEY PROCESSING ****

    clientBytes, err := ioutil.ReadFile("/home/sborza/sborza_dev.key")
    if err != nil {
            return nil, fmt.Errorf("read client priv key: %s", err.Error())
    }

    cb, _ := pem.Decode(clientBytes)
    k, err := x509.ParsePKCS8PrivateKey(cb.Bytes)
    if err != nil {
            return nil, fmt.Errorf("parse client privkey: %s", err.Error())
    }

    clientKey, _ := x509.MarshalPKCS8PrivateKey(k)
    clientKeyPEM := pem.EncodeToMemory(&pem.Block{
            Type:  "PRIVATE KEY",
            Bytes: clientKey,
    })

    // **** END PRIV KEY PROCESSING ****
    // **** START CERT PROCESSING ****

    certBytes, err := ioutil.ReadFile("/home/sborza/sborza_dev.pem")
    if err != nil {
            return nil, fmt.Errorf("read client cert: %s", err.Error())
    }

    cbk, _ := pem.Decode(certBytes)
    certs, err := x509.ParseCertificates(cbk.Bytes)
    if err != nil {
            return nil, fmt.Errorf("parse client cert: %s", err.Error())
    }

    clientCertPEM := pem.EncodeToMemory(&pem.Block{
            Type:  "CERTIFICATE",
            Bytes: certs[0].Raw,
    })

    // **** END CERT PROCESSING ****
    // **** START TLS CONFIG ****

    cert, err := tls.X509KeyPair(clientCertPEM, clientKeyPEM)
    if err != nil {
            return nil, fmt.Errorf("tls key pair: %s", err.Error())
    }
    caCertPool := x509.NewCertPool()
    if ok := caCertPool.AppendCertsFromPEM(caCert); !ok {
            return nil, fmt.Errorf("append cert: %s", err.Error())
    }

    return &tls.Config{
            RootCAs:      caCertPool,
            Certificates: []tls.Certificate{cert},
    }, nil
    // **** END TLS CONFIG ****
}

报告相同问题？

关注问题

无法在密钥中找到任何PEM数据 ssl
2019-08-21 17:55

回答 1 已采纳 The issue was with the key file. The beginning of the file had some issue (like UTF-8 BOM at the s
如何在本机Go中将PEM证书链转换为PKCS7？ ssl
2018-11-28 20:36

回答 1 已采纳 First of all, just to be clear, both the input and output you are requesting are in PEM format. Th
android中pem证书是怎样生成的 android
2015-04-23 01:39

回答 3 已采纳证书都可以用openssl工具链来生成。android本质也是linux，所以支持
[宝塔]配置ssl证书，提示错误：证书错误,请粘贴正确的PEM格式证书
2021-08-20 10:44

你好啊阿波的博客所有添加过证书的证书夹都会出现在这里,复制一份出来手动修改成我们需要引入的证书即可图例是腾讯云下载的证书,取nignx下的key和pem 仓促记录,如有疑问可私信我参考 https://code84.com/96.html更换服务器，...
cURL错误60：Laravel 5.3中的SSL证书 laravel php ssl
2017-02-08 17:55

回答 1 已采纳 I'll be fully honest, I don't know anything about Laravel. But I had the same problem, so as many
证书CA捆绑文件：PEM - PHP / cURL - 本地安装..？ php ssl
2016-01-28 10:39

回答 1 已采纳 You can leverage your php.ini to set the absolute path of where the cacert.pem is located. The d
加密聊天中的“运行时错误：切片范围超出范围”
2018-08-19 16:42

回答 1 已采纳 For no apparent reason, you hope that len(input.Bytes()) >= 24. When it is not: panic: runtime
从openssl rsa pem文件中提取公私钥数据实现
2020-06-04 14:55

fengbingchun的博客 OpenSSL最新版为 1.1.1g，在Windows上和Linux上编译源码时均可以生成可执行文件openssl。通过此执行文件即可产生rsa公钥-私钥对，如产生长度为3072的密钥对，具体命令及执行结果如下图所示：3072是指modulus即模数...
c言语用pcks8格式pem证书验签 c语言
2019-11-11 18:24

回答 2 已采纳 ``` #include #include #include #include #include #include #include #include #incl
fwrite（）：SSL操作失败，代码为1. OpenSSL错误消息： error：1409F07F：SSL例程：SSL3_WRITE_PENDING：错误的写入重试在PHP中 ios php
2015-09-02 10:20

回答 3 已采纳 When you are trying to write to the socket. If something goes wrong, fwrite will return false or 0
在php中使用公钥加密后，如何使用私钥解密c＃中的数据块？ c# php
2016-12-31 07:07

回答 1 已采纳 After an extensive chat with the author of the question it seems that there are two (main) issues
Nginx配置SSL安全证书避免启动输入Enter PEM pass phrase
2023-02-24 10:35

Bob_88888的博客这种情况可能是在设置私钥key时将密码设置写入了key文件，导致Nginx/Apache等系列服务器在启动时要求Enter PEM pass phrase。公司nginx代理服务https证书到期，在更换时生成CSR证书时输入了KEY密码。导致配置了证书...
如何检查CA颁发的PEM证书的有效性
2017-08-30 21:32

回答 1 已采纳 You need to use Certificate.Verify(). There is an example for exactly what you want to do in the d
unable to load Private Key 6572:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\
2019-06-01 08:03

追蜗牛的coder的博客在win系统下apache部署https的时候需要生成自签名证书（完整部署过程参考：https://www.cnblogs.com/hld123/p/6343437.html），这时候需要用到openssh，第一步的命令为： openssl genrsa 1024 >server.key 这...
解决 Nginx Let's Encrypt HTTPS 证书错误：服务器缺少中间证书
2021-10-21 09:45

owenzhang24的博客前言期初是由于在ios系统出现...不过目前发现 Nginx 配 Let's Encrypt 证书的确存在中间证书缺失问题本文介绍如何解决这一问题这里证书用的是 Let's Encrypt 通配符证书服务端 Nginx 1.16.0 调查首先检查...
关于PEM, DER, CRT, CER，KEY等各类证书与密钥文件后缀的解释
2022-03-18 08:52

　Laurence的博客而CRT, CER，KEY这几种证书和密钥文件，它们都有自己的schema，在存储为物理文件时，既可以是PEM格式，也可以DER格式。 CER：一般用于windows的证书文件格式 CRT：一般用于Linux的证书，包含公钥和主体信息 KEY：...
ngnix SSL证书自制启动失败 Enter PEM pass phrase
2020-05-15 16:25

阿甘的小窝的博客在做esp8266 OTA升级时，通过openssl req -x509 -newkey rsa:2048 -keyout ca_key.pem -out ca_cert.pem -days 365 生成证书，然后配置ngnix之后，启动报错 [emerg] 28313#28313: SSL_CTX_use_PrivateKey_file("/...
PEM_read_bio_X509_AUX() failed (SSL: error:0906D06C:PEM routines:PEM_read_bio
2022-01-25 21:47

鲁尼的小宝贝的博客在使用nginx处理 https的时候，修改好了 nginx.conf, 使用命令 ./sbin/nginx -s reload 的时候，报出 cannot load certificate "/usr/local/nginx/conf/7175012_api.xxxxx.com.key": PEM_read_bio_X509_AUX() ...
工具：openssl查看pem格式证书细节
2021-04-01 10:06

du_lijun的博客问题：想要通过openssl命令在linux系统上面解密证书文件，提取信息（先了解一些证书基本概念） https://www.cnblogs.com/leslies2/p/7442956.html#p0 一、什么是数字证书，常见格式证书主要的文件类型和协议有: ...
没有解决我的问题, 去提问

悬赏问题

¥60 版本过低apk如何修改可以兼容新的安卓系统
¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
¥50 有数据，怎么建立模型求影响全要素生产率的因素
¥50 有数据，怎么用matlab求全要素生产率
¥15 TI的insta-spin例程
¥15 完成下列问题完成下列问题
¥15 C#算法问题, 不知道怎么处理这个数据的转换
¥15 YoloV5 第三方库的版本对照问题
¥15 请完成下列相关问题！
¥15 drone 推送镜像时候 purge: true 推送完毕后没有删除对应的镜像,手动拷贝到服务器执行结果正确在样才能让指令自动执行成功删除对应镜像，如何解决？

码龄粉丝数原力等级 --

ListenAndServerTLS不断失败，并显示错误：未能在证书输入中找到任何PEM数据

3条回答默认最新

码龄粉丝数原力等级 --

悬赏问题

ListenAndServerTLS不断失败，并显示错误：未能在证书输入中找到任何PEM数据

3条回答 默认 最新

悬赏问题

3条回答默认最新