I tried openssl to download a remote cert on my181.svr.us.cyber.net

Below are the 3 steps to generate a self-signed certificate.

1) To generate keys:

/opt/boksm/lib/openssl genrsa -des3 -out server2.key 2048 -config /usr/sfw/lib/webmin/acl/openssl.cnf

2) To generate CSR

/opt/boksm/lib/openssl req -new -key server2.key -out server2.csr -config /usr/sfw/lib/webmin/acl/openssl.cnf

3) To generate certificate

/opt/boksm/lib/openssl x509 -req -days 365 -in server2.csr -signkey server2.key -out server2.crt
And then used

/opt/boksm/lib/openssl s_client -connect my181.svr.us.cyber.net:12201 -key server2.key -cert server2.crt -CAfile ca.crt
To connect

/opt/boksm/lib/openssl s_client -connect my181.svr.us.cyber.net:12201 -key server2.key -cert server2.crt -CAfile ca.crt

Enter pass phrase for server2.key: ******
15959:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:pem_lib.c:765:
15959:error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib:by_file.c:280:
CONNECTED(00000004)
depth=2 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
verify error:num=20:unable to get local issuer certificate
verify return:0
15959:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1060:SSL alert number 48
15959:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

Not sure what I am doing wrong.

Can you please help figure out?


-- 
R e g a r d s,

<Mohtashim>

<Developer Relation Engineer>

off: +91-20-39825000  /  mob: 9323657130
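
An added example, not part of the original post: the "bad base64 decode" error in the log above is raised while a PEM file is being read, and the message does not say which line of the file is at fault. This Python checker reports the offending line of a certificate file such as the one passed to -CAfile; the sample data is constructed, the function names are hypothetical, and encrypted private keys (which carry header lines) are out of scope.

```python
import base64
import binascii
import re

BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
END = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")
B64_LINE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

def check_body(body, start):
    """Validate the (line_number, text) pairs found between one BEGIN/END pair."""
    bad = [(n, "non-base64 characters") for n, s in body if not B64_LINE.match(s)]
    if bad:
        return bad
    try:
        der = base64.b64decode("".join(s for _, s in body), validate=True)
    except binascii.Error as exc:
        return [(start, "bad base64: %s" % exc)]
    return [] if der[:1] == b"\x30" else [(start, "payload is not a DER SEQUENCE")]

def check_pem(text):
    """Return [(line_number, problem)] for a certificate file such as a -CAfile."""
    problems, label, body, start, blocks = [], None, [], 0, 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        begin, end = BEGIN.match(line), END.match(line)
        if begin:
            label, body, start = begin.group(1), [], n
        elif end and label == end.group(1):
            blocks += 1
            problems += check_body(body, start)
            label = None
        elif label is not None and line:
            body.append((n, line))
    if label is not None:
        problems.append((start, "BEGIN without END"))
    return problems if problems or blocks else [(0, "no PEM block found")]

# Constructed sample: 260 bytes shaped like a DER SEQUENCE, not a real certificate.
_b64 = base64.b64encode(b"\x30\x82\x01\x00" + bytes(range(256))).decode()
_rows = ["-----BEGIN CERTIFICATE-----",
         *(_b64[i:i + 64] for i in range(0, len(_b64), 64)),
         "-----END CERTIFICATE-----"]
GOOD = "\n".join(_rows) + "\n"
# The same file with line 4 damaged, as a mail client or web form might do.
_rows[3] = _rows[3][:20] + " <br>" + _rows[3][20:]
BAD = "\n".join(_rows) + "\n"

if __name__ == "__main__":
    for name, text in (("good.pem", GOOD), ("bad.pem", BAD)):
        print(name, check_pem(text) or "OK")
```

To check a real file, pass its contents to check_pem(); an empty list means every block decoded cleanly.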
