See below...
Douglas Lee wrote:
>
>
> 2) Generate new CR file using "CA.sh -newreq". This generates the file
> certificate request file newreq.pem.
>
It also generates a new private key in privkey.pem
> 3) Sign the CR file using the CA file by "CA.sh -sign". This generates
> the certificate file "newcert.pem". I presume that this is the file that
> needs to be loaded using SSL_CTX_use_certificate_file and
> SSL_CTX_use_RSAPrivateKey_file on the server side.
>
The private key is in privkey.pem so that's what you need to use.
BTW do *NOT* use SSL_CTX_use_RSAPrivateKey_file() if you do then the
resulting code will only work with RSA keys.
You should use SSL_CTX_use_PrivateKey_file() instead which will work
with any kind of key.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
