serve: add support for ECC certificates #7768

merged 2 commits into from Aug 22, 2019



commented Aug 3, 2019

This is either a 🐛 bug fix or an 🙋 enhancement.


Jekyll currently does not accept an ECC (Elliptic-Curve) private key via its --ssl-key option when running the serve command, because the key loading code only assumes an RSA key, with no other key types considered, even though even the older OpenSSL 1.0.2 supports EC keys. This means that Jekyll will fail to start with this error when an EC key is provided:

jekyll 3.8.5 | Error:  Neither PUB key nor PRIV key: nested asn1 error

This patch will try to load the provided key file as an ECC key if loading it as an RSA key failed. It also checks if the ECC key load method exists, as some Ruby variants (JRuby?) may not have it.

[ My Ruby is very rudimentary, so any suggestion for improvement is welcome. ]


Jekyll server.

Test files

Script to generate a self-signed ECC certificate:

# OpenSSL 1.0.2 or newer required.
# (the one shipping with macOS won't work, use the Homebrew one.)

case "$(uname)" in
  *Darwin*) alias openssl=/usr/local/opt/openssl/bin/openssl ;;
esac

# Output file prefix (gives test-ec.crt and test-ec-private.pem).
name=test-ec

# Request configuration: no key encryption, no prompts, SAN extension.
cat << EOF > ${name}.csr.config
[req]
encrypt_key = no
prompt = no
distinguished_name = dn
req_extensions = v3_req

[dn]
O = ${name}

[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost
IP.1 =
EOF

# Generate a P-256 private key using the named-curve encoding.
openssl genpkey -algorithm EC \
  -pkeyopt ec_paramgen_curve:P-256 \
  -pkeyopt ec_param_enc:named_curve \
  -out ${name}-private.pem
# Create the certificate signing request.
openssl req -batch -new -sha256 \
  -config ${name}.csr.config \
  -key ${name}-private.pem -out ${name}.csr
# Self-sign the request, valid for 90 days.
openssl req -batch -x509 -sha256 -days 90 \
  -config ${name}.csr.config -extensions v3_req \
  -in ${name}.csr -key ${name}-private.pem -out ${name}.crt

Certificate, test-ec.crt:


Private key, test-ec-private.pem:


Test command:

jekyll serve --ssl-key test-ec-private.pem --ssl-cert test-ec.crt
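
The failure and the RSA-then-EC fallback described in this pull request, as an added Ruby sketch that is not part of the PR or of Jekyll's code. The function names are hypothetical, the keys and certificate are constructed in memory, and `OpenSSL::PKey.read` is shown as a type-agnostic alternative to the fallback.

```ruby
require "openssl"

# Behaviour the PR describes before the patch: the key file is assumed to be RSA.
# Returns the OpenSSL error message, or nil when the key loads.
def rsa_only_error(pem)
  OpenSSL::PKey::RSA.new(pem)
  nil
rescue OpenSSL::PKey::PKeyError => e
  e.message
end

# Fallback order the PR describes: RSA first, then EC if the EC loader exists.
# load_private_key is a hypothetical name, not a Jekyll method.
def load_private_key(pem)
  OpenSSL::PKey::RSA.new(pem)
rescue OpenSSL::PKey::PKeyError
  raise unless defined?(OpenSSL::PKey::EC)
  OpenSSL::PKey::EC.new(pem)
end

# Type-agnostic alternative: OpenSSL::PKey.read detects the key type itself.
def load_any_key(pem)
  OpenSSL::PKey.read(pem)
end

# Constructed sample: a self-signed localhost certificate over the given key.
def self_signed_cert(key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=localhost")
  cert.not_before = Time.now
  cert.not_after = Time.now + 90 * 86_400
  cert.public_key = key
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
end

if __FILE__ == $PROGRAM_NAME
  ec = OpenSSL::PKey::EC.generate("prime256v1") # throwaway P-256 key, in memory only
  pem = ec.to_pem
  puts "RSA-only loader: #{rsa_only_error(pem)}"
  key = load_private_key(pem)
  puts "fallback loader: #{key.class}"
  puts "key matches cert: #{self_signed_cert(ec).check_private_key(key)}"
end
```

`check_private_key` is a cheap pre-flight check that the loaded key actually belongs to the certificate before both are handed to the server.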

@DirtyF DirtyF requested a review from jekyll/core Aug 3, 2019

@DirtyF DirtyF added the enhancement label Aug 3, 2019


commented Aug 4, 2019

@vszakats Could you update to the latest master on your branch please? That should allow CI to start passing. Thanks!

vszakats and others added 2 commits Aug 3, 2019
Update lib/jekyll/commands/serve.rb
Co-Authored-By: Frank Taillandier <>

@vszakats vszakats force-pushed the vszakats:patch-1 branch from 52c04a2 to 001ac18 Aug 4, 2019


Contributor Author

commented Aug 4, 2019

@mattr- Okay, done that!

mattr- approved these changes Aug 5, 2019

left a comment

This is great! Thanks for doing this! ❤️ I'm going to save this for Jekyll 4.1 since Jekyll 4.0 is nearing its final release.

@mattr- mattr- added this to In progress in Jekyll 4.1 via automation Aug 5, 2019

@mattr- mattr- added this to the 4.1 milestone Aug 5, 2019

@DirtyF DirtyF added this to Ideas/Unconfirmed in Jekyll 4.1 Aug 14, 2019

@DirtyF DirtyF moved this from Ideas/Unconfirmed to Reviewable in Jekyll 4.1 Aug 14, 2019



commented Aug 22, 2019

@jekyllbot: merge +minor

@jekyllbot jekyllbot merged commit 650dcc6 into jekyll:master Aug 22, 2019

3 checks passed

continuous-integration/appveyor/pr AppVeyor build succeeded
continuous-integration/travis-ci/pr The Travis CI build passed
netlify/jekyllrb/deploy-preview Deploy preview ready!

Jekyll 4.1 automation moved this from Reviewable to Done Aug 22, 2019

jekyllbot added a commit that referenced this pull request Aug 22, 2019

@DirtyF DirtyF moved this from In progress to Done in Jekyll 4.1 Aug 22, 2019

@vszakats vszakats deleted the vszakats:patch-1 branch Sep 16, 2019

4 participants