Running ssltest -server_auth

Alain Damiral
Hello wonderful people.

I'm trying to use the ssltest program to get some typical server
authentication (against a self-signed certificate) to work. Whatever I
try I just can't seem to get it right, could someone please indicate
which steps should be followed to achieve this? It feels like it should
be quite a simple operation.

This is what I tried:

 > openssl genrsa -out ~/privkey.pem 2048

 > openssl req -new -x509 -key ~/privkey.pem -out ~/mycert.pem -days 1095 -config openssl.cnf

openssl.cnf is the "standard" config file in the apps directory,
containing the lines:
dir        = ./demoCA        # Where everything is kept
certificate    = $dir/cacert.pem     # The CA certificate


 > ssltest -server_auth -cert ~/mycert.pem -CAfile ../apps/demoCA/cacert.pem

Ending up with this output:

Available compression methods:
  NONE
2988:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: ANY PRIVATE KEY
2988:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:

I'm probably missing something obvious, but my brain is currently weak
so I'd like to temporarily borrow one of yours on this matter.

Thank you for your time,

--
Alain Damiral,

I hope this message makes me look like a very intelligent person

Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Re: Running ssltest -server_auth

Samy Thiyagarajan

Hi,

You need to add your key file in your options.

Try to include -key ~/privkey.pem

Let's see what happens then...

- samy








Re: Running ssltest -server_auth

Alain Damiral
Clever!

Not me, you...

It did the trick. The private key was so blatantly missing that I feel
deeply ashamed. Thank you very much.

What now happens is this:

Available compression methods:
  NONE
server authentication
depth=0 error=18 /C=BE/O=home/CN=alain
Error string: self signed certificate
  ... ignored.
depth=0 /C=BE/O=home/CN=alain
TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
1 handshakes of 256 bytes done


Which is absolutely fine.






--
Alain Damiral,

I hope this message makes me look like a very intelligent person

Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be

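
Added example, not part of the original thread: a pre-flight check for the two conditions seen above, a certificate file that carries no private key block and a self-signed certificate that reports verify error 18 unless it is itself supplied as the trust file. It assumes the `openssl` command-line tool is on the PATH; the helper function names are illustrative, and the key and certificate are constructed samples that reuse the file names and subject from the thread.

```shell
#!/bin/sh
# Added example: pre-flight checks for a self-signed server cert and key.

make_demo() {   # $1 = work dir; constructed sample key and certificate
    openssl genrsa -out "$1/privkey.pem" 2048 2>/dev/null
    openssl req -new -x509 -key "$1/privkey.pem" -out "$1/mycert.pem" \
        -days 1095 -subj "/C=BE/O=home/CN=alain" 2>/dev/null
}

# True if the PEM file carries a private key block (what the
# "Expecting: ANY PRIVATE KEY" error was looking for).
has_private_key() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# True if the key ($1) and the certificate ($2) hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Prints 0 if the certificate ($1) verifies, the X.509 verify error
# number if it does not, or "unknown". $2 is an optional trust file.
verify_code() {
    if [ -n "${2:-}" ]; then
        out=$(openssl verify -CAfile "$2" "$1" 2>&1) || true
    else
        out=$(openssl verify "$1" 2>&1) || true
    fi
    code=$(printf '%s\n' "$out" |
        sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    if [ -n "$code" ]; then echo "$code"
    elif printf '%s\n' "$out" | grep -q ': OK$'; then echo 0
    else echo unknown; fi
}

dir=$(mktemp -d)
trap 'rm -rf "$dir"' EXIT          # the sample private key is throwaway
make_demo "$dir"
has_private_key "$dir/mycert.pem" || echo "mycert.pem holds no key: pass -key"
key_matches_cert "$dir/privkey.pem" "$dir/mycert.pem" && echo "key matches cert"
echo "no trust anchor: verify code $(verify_code "$dir/mycert.pem")"
echo "cert as -CAfile: verify code $(verify_code "$dir/mycert.pem" "$dir/mycert.pem")"
```
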