Trouble with SSL_CTX_use_PrivateKey_file()
SSL_CTX_use_PrivateKey_file() seems to fail for me. I am reasonably new to this. Is there any kind of error stack or description that I can look at? If it makes a difference, I have gotten a class 3 certificate from verisign, and I believe that it is in PEM format. Any help would be appreciated. I have included a section of the code that I am using below: meth = SSLv3_client_method(); myCTX = SSL_CTX_new( meth ); if( SSL_CTX_use_certificate_file( myCTX, CertPEM, X509_FILETYPE_PEM ) <= 0 ) { m_DebugLog.lfputs( "Failure: SSL_CTX_use_certificate_file( \"%s\")", CertPEM ); _socket = INVALID_SOCKET; goto Error; }else { m_DebugLog.lfputs( "Success: SSL_CTX_use_certificate_file()" ); } if( !SSL_CTX_use_PrivateKey_file( myCTX, CertPEM, X509_FILETYPE_PEM ) ) { m_DebugLog.lfputs( "Failure: SSL_CTX_use_PrivateKey_file()" ); _socket = INVALID_SOCKET; goto Error; }else { m_DebugLog.lfputs( "Success: SSL_CTX_use_PrivateKey_file()" ); } Thanks, Chris
Re: Accessing a Smart Card through Browser
Hakan Lindh wrote: > > Look at Arcot Systems, Inc. for a smart-card solution without the physical > smart card www.arcot.com I've heard some pretty bloody stupid things in my time, but this really does take the biscuit. -- SECURE HOSTING AT THE BUNKER: http://www.thebunker.net/hosting.htm http://www.apache-ssl.org/ben.html Coming to ApacheCon? http://ApacheCon.Com/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Error with not common object in DN
Mario Fabiano wrote: > > I usually issue certificates for browsers with a my own CA built with > the CA.sh delivered with openssl 0.9.4. > I am trying to create certificates with some not common objects in DN, > like surname (2.5.4.4), givenName(2.5.4.42), description (2.5.4.13) and > like. > While the request works fine (I get a PKCS#10) containg the wanted > objects in the DN, the creation of the certificate, made with 'openssl > ca ...' goes wrong, and returns a message of this kind: > > RANDFILE:unknown object type in 'policy' configuration > [stuff deleted] > > Any hint? > > Thankyou in advance > Can you include the openssl.cnf file and a sample PKCS#10 request that does this? At first sight it looks like your openssl.cnf file is broken. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Accessing a Smart Card through Browser
Look at Arcot Systems, Inc. for a smart-card solution without the physical smart card www.arcot.com /Hakan Lindh Arcot Systems, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of P.K.B. Hari Gopal Sent: Wednesday, March 01, 2000 5:42 AM Subject: Accessing a Smart Card through Browser Dear Sir, I want to use SSL Client authentication for my application. I want to store my private key in a smart card rather than the browser's key store. I want to install my client certificate in the browser and private key in the Smart card. Whenever I enable a SSL Client authentication at Web server, generally it will prompt the user to select the certificate from the default certificate store of browser. Once the certificate is selected it will prompt for the password to access private key. I want to access this private key from a smart card rather than storing it in key store. Is there any possibility of doing this way in standard web based SSL Communication. May I request some inputs on this at the earliest, as it is a immediate requirement. Regards. -Hari Gopal __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]