problems using rsa
Locked
 
|
hi everybody, well i'm newbie with openssl and trying to use it to generate
certificates after be used in freeradius to add security a wlan. i compiled and installed openssl v0.9.8a and follow many tutorials i found in internet. after generate ca and certificates i do this: openssl rsa <newreq.pem > servidor-key.pem but i get this error: unable to load Private Key 5237:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: ANY PRIVATE KEY so i tried many other ways and commands but always get the same. so why this error? what is wrong? thanks for your time. _________________________________________________________________ MSN Amor: busca tu ½ naranja http://latam.msn.com/amor/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
|
|
Hi,
> openssl rsa <newreq.pem > servidor-key.pem > but i get this error: > > unable to load Private Key > 5237:error:0906D06C:PEM routines:PEM_read_bio:no start > line:pem_lib.c:644:Expecting: ANY PRIVATE KEY How did you create your private key? Mark. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
|
|
In reply to this post by pelusa vali
Hi,
> > openssl rsa <newreq.pem > servidor-key.pem > > but i get this error: > > > > unable to load Private Key > > 5237:error:0906D06C:PEM routines:PEM_read_bio:no start > > line:pem_lib.c:644:Expecting: ANY PRIVATE KEY > > How did you create your private key? Ignore this question. If newreq.pem is a certificate request then I would not expect the rsa command to cope with it. What are you trying to achieve here? To create a certificate from a request you need to do something like this: # openssl ca -in newreq.pem -out certificate.pem -notext -batch Mark ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
|
|
hi.. even if it is a certificate request, 'rsa' command can handle it. I think the start line of the key may be corrupted (im not sure ) u may try to create a new key and test the same. Samy
Hi, > > openssl rsa <newreq.pem > servidor-key.pem > > but i get this error: > > > > unable to load Private Key > > 5237:error:0906D06C:PEM routines:PEM_read_bio:no start > > line:pem_lib.c:644:Expecting: ANY PRIVATE KEY > > How did you create your private key? Ignore this question. If newreq.pem is a certificate request then I would not expect the rsa command to cope with it. What are you trying to achieve here? To create a certificate from a request you need to do something like this: # openssl ca -in newreq.pem -out certificate.pem -notext -batch Mark ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
|
|
In reply to this post by pelusa vali
Samy,
> even if it is a certificate request, 'rsa' command can handle it. > > I think the start line of the key may be corrupted (im not sure ) > u may try to create a new key and test the same. I may be wrong but the error message made it appear that the command was expecting a private key. I have tried the same command with a few certificate requests and I get the same error. It works with the corresponding private key file. Mark. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
|
|
While creating RSA:1024 certificate,I got this error
Command : openssl req -newkey rsa:1024 -sha1 -keyout c:\test\rootkey.pem -out c:\test\cert_ssl.pem
Error :
3284:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:.\c rypto\conf\conf_lib.c:325:
|
|
|
In reply to this post by Mark-62
Mark, Interesting ! I just tested with a newly created certificate request (newreq.pem) and it goes fine with 'rsa'command ! my version is 0.9.7g. Does this an issue with the version ? If someone knows please let us know... I also given below the snapshot(edited) .. -Samy > CA.pl -newreq Generating a 1024 bit RSA private key ....................................................++++++ .++++++ writing new private key to 'newreq.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:aa State or Province Name (full name) [Some-State]:ss Locality Name (eg, city) []:test Organization Name (eg, company) [Internet Widgits Pty Ltd]:test Organizational Unit Name (eg, section) []:test Common Name (eg, YOUR name) []:test Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: Request (and private key) is in newreq.pem > openssl OpenSSL> rsa -in newreq.pem -text -noout Enter pass phrase for newreq.pem: Private-Key: (1024 bit) modulus: 00:b8:65:09:13:3b:45:04:60:2e:64:30:4b:1d:7d: ... publicExponent: 65537 (0x10001) privateExponent: 79:65:f3:6a:98:eb:e0:6c:9e:3e:51:d9:32:4a:38: ... 14:dd:3c:e3:6b:d7:a3:51 prime1: 00:f3:59:22:62:e8:d6:26:e2:40:89:27:7f:f7:97: .... 81:33:e0:3b:6d prime2: 00:c1:fb:40:f7:ea:c2:82:f1:7f:b7:7c:d1:ad:48: ... 1f:62:ea:9d:b5 exponent1: 00:c4:de:eb:ae:d1:67:cf:75:63:78:92:78:38:ba: ... 52:28:c1:d3:d1 exponent2: 14:be:eb:4e:d8:63:9f:1f:76:da:47:d6:20:e3:24: ... 7c:52:bd:35 coefficient: 11:05:b1:fb:85:12:66:ae:80:78:67:0e:ff:ef:5c: ... 27:c5:db:9e OpenSSL> q
Samy, > even if it is a certificate request, 'rsa' command can handle it. > > I think the start line of the key may be corrupted (im not sure ) > u may try to create a new key and test the same. I may be wrong but the error message made it appear that the command was expecting a private key. I have tried the same command with a few certificate requests and I get the same error. It works with the corresponding private key file. Mark. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
|
|
In reply to this post by pelusa vali
Samy,
> Interesting ! > I just tested with a newly created certificate request > (newreq.pem) and it goes fine with 'rsa'command ! my version > is 0.9.7g. Does this an issue with the version ? > If someone knows please let us know... > > I also given below the snapshot(edited) .. > > -Samy > > > CA.pl -newreq > > Generating a 1024 bit RSA private key > ....................................................++++++ > .++++++ > writing new private key to 'newreq.pem' Ah! CA.pl must also write the private key to the certificate request. However this is not necessary (only the public key and some extra info need to be there). Our set-up does not include the private key in the CSR. I guess the OP has done the same. Mark. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
RE: Problem in creating certificate
|
|
In reply to this post by konark
Hi,
Check your PATH whether you included the openssl.cnf file,
otherwise you include it with the option of -extfile <path to your
openssl.cnf>.
Hope it works
Thanks,
Bhaskar
From:
[hidden email] [mailto:[hidden email]] On
Behalf Of Konark
Sent: Thursday, January 12, 2006 3:47 PM To: [hidden email] Subject: Problem in creating certificate
While creating RSA:1024 certificate,I got this error
Command : openssl req -newkey rsa:1024 -sha1 -keyout c:\test\rootkey.pem -out c:\test\cert_ssl.pem
Error :
3284:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:.\c rypto\conf\conf_lib.c:325:
|
|
|
Thanks to all.
I got solution . It is the problem with configfile: I included config file using option “ –config <FILENAME> “ option .
Regards, konark
*************************************************************************************** This e-mail and attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient's) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! -----Original Message-----
Hi, Check your PATH whether you included the openssl.cnf file, otherwise you include it with the option of -extfile <path to your openssl.cnf>. Hope it works Thanks, Bhaskar From: [hidden email]
[mailto:[hidden email]] On
Behalf Of Konark
While creating RSA:1024 certificate,I got this error
Command : openssl req -newkey rsa:1024 -sha1 -keyout c:\test\rootkey.pem -out c:\test\cert_ssl.pem
Error :
3284:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:.\c rypto\conf\conf_lib.c:325:
|
|
|
In reply to this post by Mark-62
On Thu, Jan 12, 2006, Mark wrote:
> Samy, > > > Interesting ! > > I just tested with a newly created certificate request > > (newreq.pem) and it goes fine with 'rsa'command ! my version > > is 0.9.7g. Does this an issue with the version ? > > If someone knows please let us know... > > > > I also given below the snapshot(edited) .. > > > > -Samy > > > > > CA.pl -newreq > > > > Generating a 1024 bit RSA private key > > ....................................................++++++ > > .++++++ > > writing new private key to 'newreq.pem' > -- snip -- > > Ah! CA.pl must also write the private key to the certificate request. > However this is not necessary (only the public key and some extra info > need to be there). Our set-up does not include the private key in the > CSR. I guess the OP has done the same. > The CSR is the part including: -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- The private key is that between: -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- If the file doesn't contain the lines for the private key then the 'rsa' command wont work with the "no start line" error. It is possible to write them to the same *file* but not to "include the private key in the CSR". Older versions of the CA.pl script did do that but newer ones write the private key to a separate file. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
«
Return to OpenSSL - User
|
1 view|%1 views
| Free forum by Nabble | Edit this page |