problems using rsa

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

problems using rsa

pelusa vali
hi everybody, well i'm newbie with openssl and trying to use it to generate
certificates after be used in freeradius to add security a wlan.
i compiled and installed openssl v0.9.8a and follow many tutorials i found
in internet.
after generate ca and certificates i do this:
openssl rsa <newreq.pem >  servidor-key.pem
but i get this error:

unable to load Private Key
5237:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:644:Expecting: ANY PRIVATE KEY

so i tried many other ways and commands but always get the same. so why this
error? what is wrong?
thanks for your time.

_________________________________________________________________
MSN Amor: busca tu ½ naranja http://latam.msn.com/amor/

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: problems using rsa

Mark-62
Hi,

> openssl rsa <newreq.pem >  servidor-key.pem
> but i get this error:
>
> unable to load Private Key
> 5237:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:pem_lib.c:644:Expecting: ANY PRIVATE KEY

How did you create your private key?

Mark.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: problems using rsa

Mark-62
In reply to this post by pelusa vali
Hi,

> > openssl rsa <newreq.pem >  servidor-key.pem
> > but i get this error:
> >
> > unable to load Private Key
> > 5237:error:0906D06C:PEM routines:PEM_read_bio:no start
> > line:pem_lib.c:644:Expecting: ANY PRIVATE KEY
>
> How did you create your private key?

Ignore this question.  If newreq.pem is a certificate request then
I would not expect the rsa command to cope with it.  What are you
trying to achieve here?

To create a certificate from a request you need to do something like
this:

# openssl ca -in newreq.pem -out certificate.pem -notext -batch

Mark
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: problems using rsa

Samy Thiyagarajan


hi..

even if it is a certificate request, 'rsa' command can handle it.

I think the start line of the key may be corrupted (im not sure )
u may try to create a new key and test the same.

Samy







"Mark" <[hidden email]>

Sent by:
[hidden email]

12.01.2006 10:32

Please respond to
[hidden email]

To
[hidden email]
cc
Subject
RE: problems using rsa
Classification





Hi,

> > openssl rsa <newreq.pem >  servidor-key.pem
> > but i get this error:
> >
> > unable to load Private Key
> > 5237:error:0906D06C:PEM routines:PEM_read_bio:no start
> > line:pem_lib.c:644:Expecting: ANY PRIVATE KEY
>
> How did you create your private key?

Ignore this question.  If newreq.pem is a certificate request then
I would not expect the rsa command to cope with it.  What are you
trying to achieve here?

To create a certificate from a request you need to do something like
this:

# openssl ca -in newreq.pem -out certificate.pem -notext -batch

Mark
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: problems using rsa

Mark-62
In reply to this post by pelusa vali
Samy,

> even if it is a certificate request, 'rsa' command can handle it.
>
> I think the start line of the key may be corrupted (im not sure )
> u may try to create a new key and test the same.

I may be wrong but the error message made it appear that the command
was expecting a private key.  I have tried the same command with
a few certificate requests and I get the same error. It works with
the corresponding private key file.

Mark.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Problem in creating certificate

konark

 

While creating RSA:1024 certificate,I got this error

 

Command : 

openssl req -newkey rsa:1024 -sha1 -keyout c:\test\rootkey.pem -out

 c:\test\cert_ssl.pem

 

Error :

 

3284:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:.\c

rypto\conf\conf_lib.c:325:

 

 

Reply | Threaded
Open this post in threaded view
|

RE: problems using rsa

Samy Thiyagarajan
In reply to this post by Mark-62

Mark,
Interesting !
I just tested with a newly created certificate request (newreq.pem) and it goes fine with 'rsa'command  ! my version is 0.9.7g. Does this an issue with the version ?
If someone knows please let us know...

I also given below the snapshot(edited) ..

-Samy

> CA.pl -newreq

Generating a 1024 bit RSA private key
....................................................++++++
.++++++
writing new private key to 'newreq.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:aa
State or Province Name (full name) [Some-State]:ss
Locality Name (eg, city) []:test
Organization Name (eg, company) [Internet Widgits Pty Ltd]:test
Organizational Unit Name (eg, section) []:test
Common Name (eg, YOUR name) []:test
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Request (and private key) is in newreq.pem


> openssl
OpenSSL> rsa -in newreq.pem -text -noout
Enter pass phrase for newreq.pem:
Private-Key: (1024 bit)
modulus:
    00:b8:65:09:13:3b:45:04:60:2e:64:30:4b:1d:7d:
    ...
publicExponent: 65537 (0x10001)
privateExponent:
    79:65:f3:6a:98:eb:e0:6c:9e:3e:51:d9:32:4a:38:
    ...
    14:dd:3c:e3:6b:d7:a3:51
prime1:
    00:f3:59:22:62:e8:d6:26:e2:40:89:27:7f:f7:97:
    ....
    81:33:e0:3b:6d
prime2:
    00:c1:fb:40:f7:ea:c2:82:f1:7f:b7:7c:d1:ad:48:
    ...
    1f:62:ea:9d:b5
exponent1:
    00:c4:de:eb:ae:d1:67:cf:75:63:78:92:78:38:ba:
    ...
    52:28:c1:d3:d1
exponent2:
    14:be:eb:4e:d8:63:9f:1f:76:da:47:d6:20:e3:24:
    ...
    7c:52:bd:35
coefficient:
    11:05:b1:fb:85:12:66:ae:80:78:67:0e:ff:ef:5c:
    ...
    27:c5:db:9e
OpenSSL> q










"Mark" <[hidden email]>

Sent by:
[hidden email]

12.01.2006 11:09

Please respond to
[hidden email]

To
[hidden email]
cc
Subject
RE: problems using rsa
Classification





Samy,

> even if it is a certificate request, 'rsa' command can handle it.
>
> I think the start line of the key may be corrupted (im not sure )
> u may try to create a new key and test the same.

I may be wrong but the error message made it appear that the command
was expecting a private key.  I have tried the same command with
a few certificate requests and I get the same error. It works with
the corresponding private key file.

Mark.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: problems using rsa

Mark-62
In reply to this post by pelusa vali
Samy,

> Interesting !
> I just tested with a newly created certificate request
> (newreq.pem) and it goes fine with 'rsa'command  ! my version
> is 0.9.7g. Does this an issue with the version ?
> If someone knows please let us know...
>
> I also given below the snapshot(edited) ..
>
> -Samy
>
> > CA.pl -newreq
>
> Generating a 1024 bit RSA private key
> ....................................................++++++
> .++++++
> writing new private key to 'newreq.pem'
-- snip --

Ah!  CA.pl must also write the private key to the certificate request.
However this is not necessary (only the public key and some extra info
need to be there).  Our set-up does not include the private key in the
CSR.  I guess the OP has done the same.

Mark.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Problem in creating certificate

Vishnubhatla, Vijaya Bhaskar
In reply to this post by konark
Hi,
Check your PATH whether you included the openssl.cnf file, otherwise you include it with the option of -extfile <path to your openssl.cnf>.
Hope it works
Thanks,
Bhaskar

From: [hidden email] [mailto:[hidden email]] On Behalf Of Konark
Sent: Thursday, January 12, 2006 3:47 PM
To: [hidden email]
Subject: Problem in creating certificate

 

While creating RSA:1024 certificate,I got this error

 

Command : 

openssl req -newkey rsa:1024 -sha1 -keyout c:\test\rootkey.pem -out

 c:\test\cert_ssl.pem

 

Error :

 

3284:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:.\c

rypto\conf\conf_lib.c:325:

 

 

Reply | Threaded
Open this post in threaded view
|

RE: Problem in creating certificate

konark

Thanks to all.

 

I got solution .  It is the problem with configfile:  I included config file using option  “ –config  <FILENAME>  “  option .

 

Regards,

konark

 

***************************************************************************************

            This e-mail and attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient's) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!

-----Original Message-----
From: owner-
[hidden email] [mailto:owner-[hidden email]] On Behalf Of Vishnubhatla, Vijaya Bhaskar
Sent: Thursday, January 12, 2006 4:42 PM
To:
[hidden email]
Subject: RE: Problem in creating certificate

 

Hi,

Check your PATH whether you included the openssl.cnf file, otherwise you include it with the option of -extfile <path to your openssl.cnf>.

Hope it works

Thanks,

Bhaskar


From: [hidden email] [mailto:[hidden email]] On Behalf Of Konark
Sent: Thursday, January 12, 2006 3:47 PM
To: [hidden email]
Subject: Problem in creating certificate

 

While creating RSA:1024 certificate,I got this error

 

Command : 

openssl req -newkey rsa:1024 -sha1 -keyout c:\test\rootkey.pem -out

 c:\test\cert_ssl.pem

 

Error :

 

3284:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:.\c

rypto\conf\conf_lib.c:325:

 

 

Reply | Threaded
Open this post in threaded view
|

Re: problems using rsa

Dr. Stephen Henson
In reply to this post by Mark-62
On Thu, Jan 12, 2006, Mark wrote:

> Samy,
>
> > Interesting !
> > I just tested with a newly created certificate request
> > (newreq.pem) and it goes fine with 'rsa'command  ! my version
> > is 0.9.7g. Does this an issue with the version ?
> > If someone knows please let us know...
> >
> > I also given below the snapshot(edited) ..
> >
> > -Samy
> >
> > > CA.pl -newreq
> >
> > Generating a 1024 bit RSA private key
> > ....................................................++++++
> > .++++++
> > writing new private key to 'newreq.pem'
> -- snip --
>
> Ah!  CA.pl must also write the private key to the certificate request.
> However this is not necessary (only the public key and some extra info
> need to be there).  Our set-up does not include the private key in the
> CSR.  I guess the OP has done the same.
>

The CSR is the part including:

-----BEGIN CERTIFICATE REQUEST-----

and

-----END CERTIFICATE REQUEST-----

The private key is that between:

-----BEGIN RSA PRIVATE KEY-----

and

-----END RSA PRIVATE KEY-----

If the file doesn't contain the lines for the private key then the 'rsa'
command wont work with the "no start line" error.

It is possible to write them to the same *file* but not to "include the
private key in the CSR". Older versions of the CA.pl script did do that but
newer ones write the private key to a separate file.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]