Hello,
I just compiled and installed openssl-0.9.6 with imap-2000 from UW on
irix-6.5.x (using egd as an entropy generator) but due to my lack of
understanding on how to generate and where to install my self-signed
certificates I get the following error when trying to telnet to port
993 on the imap server:
~#> telnet <imaps-server> 993
imapd: Unable to load private key from /usr/local/ssl/certs/imapd.pem
imapd: SSL error status: error:0906D06C:PEM routines:PEM_read_bio:no start line
imapd: SSL error status: error:140B3009:SSL
routines:SSL_CTX_use_RSAPrivateKey_file:missing asn1 eos
Here's what I did to generate my self-signed certificates. I used the
guidelines found in http://www.w3j.com/7/s3.hirsch.wrap.html even
though i'm not sure if it applies to openssl, hence my problem :(
1- Generate self-signed root certificate:
~#> openssl req -new -out -x509 -keyout CAkey.pem -out CAcert.pem
Using configuration from /usr/local/ssl/openssl.cnf
Generating a 1024 bit RSA private key
..++++++
......++++++
writing new private key to 'CAkey.pem'
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CA]:
State or Province Name (full name) [Quebec]:
Locality Name (eg, city) [Montreal]:
Organization Name (eg, company) [McConnell Brain Imaging Center]:
Organizational Unit Name (eg, section) [BIC]:
Common Name (eg, YOUR name) []:example CA
Email Address [[EMAIL PROTECTED]]:
~#> mv CA*.pem private
2- Generate certificate request:
~#> openssl req -new -out MyReq.req
Using configuration from /usr/local/ssl/openssl.cnf
Generating a 1024 bit RSA private key
.++++++
..........++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CA]:
State or Province Name (full name) [Quebec]:
Locality Name (eg, city) [Montreal]:
Organization Name (eg, company) [McConnell Brain Imaging Center]:
Organizational Unit Name (eg, section) [BIC]:
Common Name (eg, YOUR name) []:BIC CA
Email Address [[EMAIL PROTECTED]]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: xxxxxxxx
An optional company name []:
3- Sign it:
~#> openssl ca -out newcert.pem -in MyReq.req
Using configuration from /usr/local/ssl/openssl.cnf
Enter PEM pass phrase:
Check that the request matches the signature
Signature ok
The Subjects Distinguished Name is as follows
countryName :PRINTABLE:'CA'
stateOrProvinceName :PRINTABLE:'Quebec'
localityName :PRINTABLE:'Montreal'
organizationName :PRINTABLE:'McConnell Brain Imaging Center'
organizationalUnitName:PRINTABLE:'BIC'
commonName :PRINTABLE:'BIC CA'
emailAddress :IA5STRING:'[EMAIL PROTECTED]'
Certificate is to be certified until Nov 29 14:40:47 2001 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
4- Install the imapd certificate:
~#> cp newcert.pem certs/imapd.pem
Obviously, I'm missing something!
TIA,
jf
--
"You are born naked, wet and hungry. Then it gets worse" -Woto
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
