[openssl.org #1076] Bug report

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[openssl.org #1076] Bug report

Rich Salz via RT


Hi All,

I am working on an OpenSSL program i found on the linuxjournal <http://www.linuxjournal.com/article/4822>
the program seems to work ok, except for the fact that the certificates have expired! So i looked up numerous tutorials on CA.pl in order to create my own certificates, however im still having trouble.

Description:

I create a CA via -
perl CA.pl -newca  (everything seems grand)
cp demoCA/cacert.pem root.pem       (i think this is correct, should it be root.pem)
Now i have my CA authority and my CA authority set up and my root.pem

I dont really know what dh1024.pem is so i just used the version shipped with it ........
cp ORIGS/dh1024.pem

Setting up my server.pem -
perl CA.pl -newreq
I give the server all the same info as given the CA inc Comman Name
Then i sign it -
perl CA.pl -sign

Now i copy the RSA private key part of newreq.pem to server.pem
and the Certificate part of newcert to server.pem

So when i try start up the wserver i get the following error:

bash-2.05$ wserver
Can't read key file
25817:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:438:
25817:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:421:
25817:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:707:
bash-2.05$

However, when i use your certs that you posted on :
http://www.mail-archive.com/openssl-dev@.../msg19236.html

It does not give me this error (it gives me some Common Name error later in the code but i presume this is normal as they are not my certs). Can i ask what you did to set up your certs that i did not do?

Any help would be very much appreciated.
Thank you,
Mark Warren




______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]