Re: [leaf-user] Bering-VPN-ipsec-x509 question
On Mon, 27 May 2002 16:18:08 -0700 Scott Ritchie [EMAIL PROTECTED] wrote: Hey all, I'm trying to make x509 certificates on a RH7.3 system using the instructions in the Bering User's Guide. Everything looks good till i enter... openssl pkcs12 -export -inkey clientKey.pem -in clientCert.pem -certfile demoCA/cacert.pem -out clientCert.p12 What i get back after entering the PEM pass phrase is Error loading certificate from input 20254:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expecting: CERTIFICATE Can you give us an 'ls -l' from your working directory? I get this error when I have somehow gone through the proceeding steps and ended up with an empty clientCert.pem (because of an error in a previous step). I just went through the steps line by line and came up with good results, so if there are not errors in any of your previous steps, I will have to go back to the drawing board. Thanks, -- -- Chad Carr[EMAIL PROTECTED] -- ___ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering-VPN-ipsec-x509 question
- Original Message - Can you give us an 'ls -l' from your working directory? I get this error when I have somehow gone through the proceeding steps and ended up with an empty clientCert.pem (because of an error in a previous step). I just went through the steps line by line and came up with good results, so if there are not errors in any of your previous steps, I will have to go back to the drawing board. Thanks!, I'll try it again on a different machine (slackware). Here's the dir listing... total 35 -rw-r--r--1 root root0 May 27 16:02 clientCert.p12 -rw-r--r--1 root root0 May 27 16:02 clientCert.pem -rw-r--r--1 root root 1751 May 27 16:02 clientKey.pem -rw-r--r--1 root root 1001 May 27 16:02 clientReq.pem -rw-r--r--1 root root 690 May 27 15:41 crl.pem drwx--4 root root 4096 May 27 15:52 demoCA -rw-r--r--1 root root 2490 May 27 15:48 ipsec.secrets -rw-r--r--1 root root 1692 May 27 15:45 serverCert.pem -rw-r--r--1 root root 1751 May 27 15:44 serverKey.pem -rw-r--r--1 root root 1058 May 27 15:44 serverReq.pem -rw-r--r--1 root root 1209 May 27 15:47 x509cert.der ./demoCA: total 28 -rw-r--r--1 root root 1631 May 27 15:41 cacert.pem -rw-r--r--1 root root 216 May 27 15:52 index.txt -rw-r--r--1 root root 123 May 27 15:45 index.txt.old drwx--2 root root 4096 May 27 15:52 newcerts drwx--2 root root 4096 May 27 15:40 private -rw-r--r--1 root root3 May 27 15:52 serial -rw-r--r--1 root root3 May 27 15:45 serial.old ./demoCA/newcerts: total 8 -rw-r--r--1 root root 1692 May 27 15:45 01.pem -rw-r--r--1 root root 1639 May 27 15:52 02.pem ./demoCA/private: total 4 -rw-r--r--1 root root 1751 May 27 15:41 cakey.pem ___ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering-VPN-ipsec-x509 question
On Tue, 28 May 2002 10:12:31 -0700 Scott Ritchie [EMAIL PROTECTED] wrote: - Original Message - Can you give us an 'ls -l' from your working directory? I get this error when I have somehow gone through the proceeding steps and ended up with an empty clientCert.pem (because of an error in a previous step). I just went through the steps line by line and came up with good results, so if there are not errors in any of your previous steps, I will have to go back to the drawing board. Thanks!, I'll try it again on a different machine (slackware). Here's the dir listing... total 35 -rw-r--r--1 root root0 May 27 16:02 clientCert.p12 -rw-r--r--1 root root0 May 27 16:02 clientCert.pem -rw-r--r--1 root root 1751 May 27 16:02 clientKey.pem -rw-r--r--1 root root 1001 May 27 16:02 clientReq.pem -rw-r--r--1 root root 690 May 27 15:41 crl.pem drwx--4 root root 4096 May 27 15:52 demoCA -rw-r--r--1 root root 2490 May 27 15:48 ipsec.secrets -rw-r--r--1 root root 1692 May 27 15:45 serverCert.pem -rw-r--r--1 root root 1751 May 27 15:44 serverKey.pem -rw-r--r--1 root root 1058 May 27 15:44 serverReq.pem -rw-r--r--1 root root 1209 May 27 15:47 x509cert.der As I thought, you have a clientCert.pem file with a zero byte count. Try running the command: openssl ca -policy policy_anything -in clientReq.pem -days 1825 -out \ clientCert.pem -notext again and send the output. There may be something wrong with the documentation or something. Do you have an openssl.cnf file? -- -- Chad Carr[EMAIL PROTECTED] -- ___ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering-VPN-ipsec-x509 question
As I thought, you have a clientCert.pem file with a zero byte count. Try running the command: openssl ca -policy policy_anything -in clientReq.pem -days 1825 -out \ clientCert.pem -notext again and send the output. There may be something wrong with the documentation or something. Do you have an openssl.cnf file? openssl.cnf? hmmm, no idea what it is. Guess I'l have to read the docs for ssl after all : ) ___ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Bering-VPN-ipsec-x509 question
Hey all, I'm trying to make x509 certificates on a RH7.3 system using the instructions in the Bering User's Guide. Everything looks good till i enter... openssl pkcs12 -export -inkey clientKey.pem -in clientCert.pem -certfile demoCA/cacert.pem -out clientCert.p12 What i get back after entering the PEM pass phrase is Error loading certificate from input 20254:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expecting: CERTIFICATE If I understand it right its complaining about the clientCert.pem. I've done the steps word for word three times now. Did I miss something? Anyone else have problems with this? Thanks inadvance for any pointers Scott ___ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
