Hello wonderful people.

I'm trying to use the ssltest program to get some typical server authentication (against a self signed certificate) to work. Whatever I try I just can't seem to get it right, could someone please indicate which steps should be followed to achieve this? It feels like it should be quite a simple operation.

This is what I tried:

    > openssl genrsa -out ~/privkey.pem 2048

    > openssl req -new -x509 -key ~/privkey.pem -out ~/mycert.pem -days 1095 -config openssl.cnf

openssl.cnf is the "standard" config file in the apps directory, containing the lines:

    dir = ./demoCA # Where everything is kept
    certificate = $dir/cacert.pem # The CA certificate

    > ssltest -server_auth -cert ~/mycert.pem -CAfile ../apps/demoCA/cacert.pem

Ending up with this output:

    Available compression methods:
    NONE
    2988:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: ANY PRIVATE KEY
    2988:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:

I'm probably missing something obvious, but my brain is currently weak so I'd like to temporarily borrow one of yours on this matter.

Thank you for your time,

--
Alain Damiral,
I hope this message makes me look like a very intelligent person
Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]

hi..

U need to add ur key file in ur options..

try to include -key ~/privkey.pem

lets see what happens then...

- samy

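An added example, not part of the thread and not OpenSSL's own tooling: a shell pre-flight that catches the "Expecting: ANY PRIVATE KEY" situation before a TLS test is started, and additionally checks that the key belongs to the certificate. The function names are assumptions made for this sketch; with no key argument it looks for the key in the certificate file, which is the case the error above reports.

```shell
#!/bin/sh
# Added example: pre-flight checks for a -cert / -key pair (names are hypothetical).

# True if the file carries a PEM private-key block: PKCS#8 ("PRIVATE KEY"),
# "ENCRYPTED PRIVATE KEY", or a traditional "RSA"/"EC"/"DSA PRIVATE KEY" block.
pem_has_private_key() {
    grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"
}

# True if the file carries at least one PEM certificate block.
pem_has_certificate() {
    grep -q '^-----BEGIN CERTIFICATE-----' "$1"
}

# True if the public key embedded in the certificate ($1) equals the public
# key derived from the private key ($2). Returns 2 if either file is unreadable.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# preflight CERT [KEY]
# With no KEY, the certificate file itself is searched for the key block.
preflight() {
    cert=$1
    key=${2:-$1}
    pem_has_certificate "$cert" ||
        { echo "no CERTIFICATE block in $cert"; return 1; }
    pem_has_private_key "$key" ||
        { echo "no PRIVATE KEY block in $key: pass the key file explicitly"; return 1; }
    key_matches_cert "$cert" "$key" ||
        { echo "$key does not match the public key in $cert"; return 1; }
    echo "ok"
}

# Example call: sh preflight.sh ~/mycert.pem ~/privkey.pem
if [ "$#" -gt 0 ]; then
    preflight "$@"
fi
```
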
Clever!

Not me, you... It did the trick. The private key was so blatantly missing that I feel deeply ashamed. Thank you very much.

What now happens is this:

    Available compression methods:
    NONE
    server authentication
    depth=0 error=18 /C=BE/O=home/CN=alain
    Error string: self signed certificate ... ignored.
    depth=0 /C=BE/O=home/CN=alain
    TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    1 handshakes of 256 bytes done

Which is absolutely fine.

Samy Thiyagarajan wrote:
> hi..
>
> U need to add ur key file in ur options..
>
> try to include -key ~/privkey.pem
>
> lets see what happens then...
>
> - samy
>
> *Alain Damiral <[hidden email]>*
> Sent by: [hidden email]
> 13.01.2006 12:34
> Please respond to [hidden email]
> To [hidden email]
> cc
> Subject Running ssltest -server_auth
> Classification
>
> Hello wonderful people.
>
> I'm trying to use the ssltest program to get some typical server
> authentication (against a self signed certificate) to work. Whatever I
> try I just can't seem to get it right, could someone please indicate
> which steps should be followed to achieve this ? It feels like it should
> be quite a simple operation.
>
> This is what I tried:
>
> > openssl genrsa -out ~/privkey.pem 2048
>
> > openssl req -new -x509 -key ~/privkey.pem -out ~/mycert.pem -days
> 1095 -config openssl.cnf
>
> openssl.cnf is the "standard" config file in the apps directory,
> containing the lines:
> dir = ./demoCA # Where everything is kept
> certificate = $dir/cacert.pem # The CA certificate
>
> > ssltest -server_auth -cert ~/mycert.pem -CAfile
> ../apps/demoCA/cacert.pem
>
> Ending up with this output:
>
> Available compression methods:
> NONE
> 2988:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:pem_lib.c:644:Expecting: ANY PRIVATE KEY
> 2988:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
> lib:ssl_rsa.c:669:
>
> I'm probably missing something obvious, but my brain is currently weak
> so I'd like to temporarily borrow one of yours on this matter.
>
> Thank you for your time,

--
Alain Damiral,
I hope this message makes me look like a very intelligent person
Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be