Bruce B. Platt schrieb:
>
> 2. ssleay.cnf is in usr/local/ssl/lib
> I receive the following error from Fred's ns-cert.pl script:
>
> Certificate request failed
>
> /usr/local/ssl/bin/ca -config /usr/local/ssl/lib/ssleay.cnf -spkac
> /data/web/public/server/certs/cert37.req -out
> /data/web/public/server/certs/cert37.result -days 360
>
> rc = 256
>
> Using configuration from /usr/local/ssl/lib/ssleay.cnf
> unable to load CA private key
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Check for the existence and readability of you CA's private
key. The key is in a file that is named within
/usr/local/ssl/lib/ssleay.cnf
as "private_key" in the section that is named under "default_ca".
If file exists try ssleay rsa -nout -text -in name_of_private_key_file
if this works under httpd UID then your script should run fine.
> 15468:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
> decrypt:evp_enc.c:275:
> 15468:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:403:
>
> commonName
> Client Certificate
> emailAddress
> [EMAIL PROTECTED]
> organizationName
> Comport
> organizationalUnitName
> HQ
> localityName
> Ramsey
> stateOrProvinceName
> NJ
> countryName
> US
> SPKAC
> MIHFMHEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtL+pTWvR1HuqbGa7yfOsd//f
> g8X5AMT3Lo+CO2VHyqONr5ht43IaIG3N5LMqJII7LZXrO0Wv3WxljDh1Xuc78QID
> AQABFhFjaGFsbGVuZ2VQYXNzd29yZDANBgkqhkiG9w0BAQQFAANBAC1l2mfNrU1n
> dMCZZIvb5MZxXz9ZFJ9YqvWGt2MdYQ+FZ1RS8z164HtHr00PuY/0Matdb8TJd2pu
> wn2vHdqilfI=
> SUBMIT
> Submit Query
>
> As you can see I have tried this 37 times!
>
> I am clearly confused as this point about what steps to take to generate a
> CA that can then be used to create client certificates.
> One last note, I am using apache with mod_ssl and a certificate generated
> by me to run an ecrypted server.
>
> Any help will be be appreciated, especially that which assumes I know nothing!
>
> Greetings of the season to all
>
> Regards,
>
> Bruce
>
> +--------------------------------------+
> Bruce B. Platt, Ph.D.
> Comport Consulting Corporation
> 78 Orchard Street, Ramsey, NJ 07446
> Phone: 201-236-0505 Fax: 201-236-1335
> [EMAIL PROTECTED], bruce@ bruce.platt@
> ______________________________________________________________________
> Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
> Official Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMAIL PROTECTED]
D-99091 Erfurt WWW.SmartRing.de
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
