Only this one certificate; actually, this file is used for the iOS APNs function.
The weird thing is, I use the same file and the same code on 2 other servers, and it works well. That really confuses me.

------------------------------------------------------------------
From: Viktor Dukhovni <openssl-users at dukhovni.org>
Sent: September 13, 2016, 23:46
To: openssl-users <openssl-users at openssl.org>
Subject: Re: [openssl-users] [help]SSL_CTX_use_certificate_file failed!

On Tue, Sep 13, 2016 at 10:53:57PM +0800, zy_chongqing wrote:

> thanks for your reply. please kindly find the attached to get the certificate.

Firstly, you posted a 2048-bit certificate, which would not normally
fail with a "key too small" error, other than by failure to parse
the public key.

Secondly, when I start the OpenSSL 1.1.0 s_server(1) with the posted
certificate as the chain file, and a random 2048-bit RSA key as
the key file, the error is that the key and certificate don't match.
This means that at least s_server *is* able to parse the public
key.  Are there some other certificates in the chain file, in
addition to the leaf certificate you posted?  Please post all
the certificates (but not the private key) from that chain file.

    $ openssl genrsa 2048 >> /tmp/cert.pem
    Generating RSA private key, 2048 bit long modulus
    ........................................................................+++
    ...............+++
    e is 65537 (0x010001)
    $ openssl s_server -cert /tmp/cert.pem -accept 12345
    Using default temp DH parameters
    error setting private key
    140735148003328:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:../openssl/crypto/x509/x509_cmp.c:295:

-- 
    Viktor.
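
The two checks the reply above turns on, as an added example that is not part of the original thread: list the public-key size of every certificate in a chain file (not only the leaf), and test whether a private key belongs to the leaf. The function names, the minimum-bits argument and the file paths are assumptions; the script needs the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.
# Usage (paths are placeholders): sh this_script.sh chain.pem key.pem

# Print "index bits subject" for every certificate in a PEM chain file.
chain_key_bits() {
    dir=$(mktemp -d) || return 1
    # Split the bundle into one file per certificate; other PEM blocks
    # (for example a private key kept in the same file) are skipped.
    awk -v d="$dir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = d "/cert" n ".pem"; keep = 1 }
        keep { print > out }
        /-----END CERTIFICATE-----/   { keep = 0; close(out) }' "$1"
    i=1
    while [ -f "$dir/cert$i.pem" ]; do
        bits=$(openssl x509 -in "$dir/cert$i.pem" -noout -text |
               sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
        subj=$(openssl x509 -in "$dir/cert$i.pem" -noout -subject)
        printf '%s %s %s\n' "$i" "${bits:-unknown}" "$subj"
        i=$((i + 1))
    done
    rm -rf "$dir"
}

# Print only the certificates whose key is smaller than MIN bits ($2).
# A certificate whose size could not be read counts as 0 and is listed.
weak_certs() {
    chain_key_bits "$1" | awk -v min="$2" '$2 + 0 < min + 0'
}

# Succeed only if the private key ($2) belongs to the first (leaf)
# certificate in the chain file ($1). Returns 2 if either file is unreadable.
key_matches_leaf() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

if [ "$#" -eq 2 ]; then
    chain_key_bits "$1"
    if key_matches_leaf "$1" "$2"; then
        echo "private key matches the leaf certificate"
    else
        echo "private key does NOT match the leaf certificate"
    fi
fi
```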