Article Directory
Add national secret support
NGINX adds national secret support
To add national secret support, you can directly follow the operation sequence on the official website.
Reference URL: https://www.gmssl.cn/gmssl/index.jsp
Problems that may arise
The national secret does not take effect, check whether the path of the Nginx executable file is correct
The Nginx service was configured in the system before , and the location of my service file is /usr/lib/systemcd/system/nginx.service
, which uses the previous execution file path. However, the default path after the national secret compilation is in the /usr/local/nginx/ directory, so it is necessary to confirm whether the execution path is correct.
The certificate could not be parsed
1. Check whether the path configuration of your certificate location and private key location is correct.
2. Check whether there are abnormal characters in the certificate. For example, if the certificate file or key file is opened
in the Windows environment, the newline symbol in the file may change.
Because the newline character of the linux system is different from that of windows , the file may not be executed or read incorrectly.
Can be handled by:
yum -y install dos2unix
dos2unix filename
Nginx fails to start
There is no error when starting, but the following similar information is prompted
License for TEST. SN=5DB12211BA8E0B4D
OpenSSL(GM version Build220225) by www.gmssl.cn. Test Only!!!
OpenSSL(GM version Build220225) by www.gmssl.cn. Test Only!!!
OpenSSL(GM version Build220225) expired. Please update new version!!!
OpenSSL(GM version Build220225) expired. Please update new version!!!
The reason is that the national secret certificate analysis library provided by gmssl has expired. The official website has stated that the library file will expire at the end of the year, but it seems that as long as NGINX is not restarted , this problem will not occur.
In short, if this problem occurs, you need to download a new library file from the official website and recompile.