Beau,
The certificate was on a DoD web page that I copied and pasted into a
text document. Actually, I used NT's ability to paste into a DOS box, so
I editied a blank file with edit and pasted the certificate into that.
I included the entire portion starting with the first line of
--------BEGIN CERTIFICATE-----------
(or something like that...since I'm at home now I don't have it in front of me)
If I dump the idea of using a CA (It's a military one anyway that no browsers
recognize so I may as well self sign them), how can I get this to work?
Thanks
Tom
At 6/30/00 09:18 AM, you wrote:
>Tom,
>
>ASN1 is a data encoding standard. It reads to me as if your certificate is
>stored in a file and that file does not have the requisite structure to be
>valid-- not that the SSL machinery is broken.
>
>if the file uses a ----- header line make sure to include ALL of that in
>your file.
>
>-beau patrette
> uc davis
>
>On Fri, 30 Jun 2000, Tom Nunamaker wrote:
>
> > I'm very frustrated trying to get a certificate to work on my
> > server. I don't care if it's signed by a CA or not. The DoD
> > PKI office signed one for me but I get errors when I try to use it.
> > I can view the CA's certificate with:
> >
> > openssl x509 -noout -text -in ca.crt
> >
> > but Apache complains with this:
> >
> > Init: Unable to read server certificate from file
> > c:/apache/conf/853c.key (OpenSSL library error follows)
> > OpenSSL: error:0D09F007:asn1 encoding routines:d2i_x509:expecting an
> > asn1 sequence
> >
> >
> > Does that mean the CA can't sign a certificate OpenSSL will be happy
> > with? Do I
> > have to use Netscape's server?
> >
> > Can I sign my own key file? I have the one I sent to the DoD PKI office
> > but I
> > can't find anywhere that tells me the OpenSSL command(s) to self sign a
> > certificate.
> > I've seen refereces to "Use the CA.pl that comes with OpenSSL" There is
> > not CA.PL
> > with the OpenSA distribution. <sigh>
> >
> > Anyone have step-by-step instructions for self signing a certificate and
> > getting it to
> > work on NT with Apache?
> >
> > Thanks
> >
> > Tom Nunamaker
> > [EMAIL PROTECTED]
> >
> >
> >
> >
> > "Daniel S. Reichenbach" wrote:
> > >
> > > > Are there any plans for an OpenSA FAQ or something? I've had
> > > > an awful lot
> > > > of people seeing my mod_perl notes running searches on things
> > > > like ASP,
> > > > PHP, mod_*, EAPI, and my site carries nothing about these topics.
> > > Would be good, but i don`t have the time to do it right now. If
> > > someone volunteers, to start one...
> > >
> > > /me
> > > --
> > > Institut Ingenium
> GmbH http://www.ingenium.de/
> > > Daniel
> Reichenbach [EMAIL PROTECTED]
> >
>
>
>--Beau Patrette email address: [EMAIL PROTECTED]
>[*********************************************************************]
>[ IT Express | "Nobody will ever need more than ]
>[ 182 Shields Library | 640 kb of RAM." -- Bill Gates, 1983. ]
>[ U.C. Davis | "Windows 98 requires 16 MB RAM." ]
>[ (530) 754-HELP | -- Bill Gates, 1999. ]
>[ on the web: | "Nobody will ever need Windows 98." ]
>[ itexpress.ucdavis.edu | -- Logical Conclusion. ]
>[*********************************************************************]
>
