Hi,
I've been using a self-signed certificate with nsssl with no issues.
However, am getting an error when trying a CA signed certificate:
Error: nsssl: private key load error [error:0906D06C:PEM routines:PEM_read_bio:no start line]
I'm trying letsencrypt.org's certificate with its acme standard certificate renewal process. (Pretty neat concept.)
letsencrypt provides a cert.pem, chain.pem fullchain.pem and privkey.pem.
fullchain.pem contains cert.pem and chain.pem
So in nsd's config.tcl section for nssl:
ns_param certificate ${serverroot}/etc/certs/or97.net/fullchain.pem
Searching around, the issue might be related to openssl not tolerating a cert file saved in double-byte Unicode.
Does nsssl have this limitation?
Any suggestions on how to fix?