Exporting a key from a cert or csr

2002-09-06 Thread Gary W.

I got my certificate from Verisign,
but cannot find the key I generated the csr with.
At least the Moduli of the files I can find do not
match what comes from the openssl x509 command.
Can I pull a key out of the certificate or csr?

Gary
-- 
TV is the enemy
  -- John Bradley
http://WWW-DB.Stanford.EDU/~gary/
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]
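
A certificate or CSR contains only the public key, so the private key cannot be extracted from either; comparing moduli, as the post describes, is the available check. The script below is an added example, not part of the original post, that searches candidate key files for the one matching a certificate or CSR. It assumes RSA keys and the openssl command-line tool; the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example: locate the private key that belongs to a certificate or CSR
# by comparing RSA moduli. Nothing here recovers a key; it only matches files.

# Print a SHA-256 digest of the RSA modulus. $1 = x509 | req | rsa, $2 = PEM file.
modulus_digest() {
    case $1 in
        rsa) m=$(openssl rsa -noout -modulus -passin pass: -in "$2" 2>/dev/null) ;;
        *)   m=$(openssl "$1" -noout -modulus -in "$2" 2>/dev/null) ;;
    esac
    # Unparsable input (wrong file type, encrypted key, damaged PEM): fail here
    # rather than hash empty output, which would make two bad files "match".
    [ -n "$m" ] || return 1
    printf '%s\n' "$m" | openssl dgst -sha256 | awk '{print $NF}'
}

# $1 = x509 | req, $2 = certificate or CSR, remaining args = candidate key files.
# Prints the first matching key file; returns 1 if none matches.
find_matching_key() {
    kind=$1; ref=$2; shift 2
    want=$(modulus_digest "$kind" "$ref") || { echo "cannot read $ref" >&2; return 2; }
    for key in "$@"; do
        got=$(modulus_digest rsa "$key") || continue
        if [ "$got" = "$want" ]; then printf '%s\n' "$key"; return 0; fi
    done
    return 1
}

# Demo on constructed throwaway keys (generated here, never real ones).
demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/a.key" 2048 2>/dev/null
    openssl genrsa -out "$d/b.key" 2048 2>/dev/null
    echo "not a key" > "$d/junk.key"
    openssl req -new -x509 -key "$d/b.key" -subj "/CN=example.test" \
        -days 1 -out "$d/site.crt" 2>/dev/null
    found=$(find_matching_key x509 "$d/site.crt" "$d/junk.key" "$d/a.key" "$d/b.key")
    rm -rf "$d"
    basename "$found"
}

if [ "$#" -ge 3 ]; then find_matching_key "$@"; else demo; fi
```

Called with arguments it checks real files, for example `x509 server.crt *.key`; a key protected by a pass phrase is skipped and has to be checked by hand.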



Securing my theme camp at Burning Man: PKCS#12 and Verisign

2002-08-21 Thread Gary W.

Will PKCS#12 and Verisign cert be enough
or will I need something stronger because
of the caustic dust and alien technology
deployed there?

Gary Wesley

-- 
For every human problem, there is a neat, simple solution; 
and it is always wrong
-- H. L. Mencken, Mencken's Metalaw
http://WWW-DB.Stanford.EDU/~gary/



Which ports used by Apache2/SSL (RMI)

2002-05-29 Thread Gary W

I am trying to make a RMISSL server on Linux/Java.
My question involves the ports used.

What is wrong with my explanation below?

I set Apache to listen on 8080 for HTTP (http.conf) and
8443 for HTTPS (SSL conf).
I ask for an RMIregistry, which comes up on 1099.
I initialize my server with my implementation of
UnicastRemoteObject,
requesting port 0 which means give me an anonymous
port to RMIregistry.

I open URL server:8080 then try to send
data over SSL:

My client does a Lookup on the URL to get the
class.

[-- the crucial part --]

My RMISSLClientSocketFactory implements RMIClientSocketFactory,
which gets a call to createSocket(String host, int port)
where port is a large number.



Where is the port 8443 specified on the client?
Does it come back in the Lookup somehow?

Do I need to have the whole session be SSL?

Gary

-- 
When you're through changing, you're through.
-- Bruce Barton



Apache/OpenSSL Handshake timeout

2002-04-05 Thread Gary W

I am getting a timeout error, from not
reading all the bytes from the client(?).
The client can talk to retrieve the jar file,
but when it sends an RMI, it balks.
I obviously have 8443 open for SSL, and my certs
must be OK. Is it a client problem?


Server: Apache/1.3.14, Interface: mod_ssl/2.7.1, Library: OpenSSL/0.9.6
Solaris 2.6

(this is the jar download - it works over port 8443)
[04/Apr/2002 09:01:00 29031] [info]  Connection to child 0 established
(server x:8443, client x)
[04/Apr/2002 09:01:01 29031] [info]  Seeding PRNG with 1160 bytes of
entropy
[04/Apr/2002 09:01:01 29031] [trace] OpenSSL: Handshake: start
[04/Apr/2002 09:01:02 29031] [trace] OpenSSL: Loop: before/accept
initialization
[04/Apr/2002 09:01:02 29031] [debug] OpenSSL: read 11/11 bytes from
BIO#0021FE88 [mem: 00234C20] (BIO dump follows)
+-+
| : 80 46 01 03 00 00 2d 00-00 00 10
.F-  |
+-+
[04/Apr/2002 09:01:02 29031] [debug] OpenSSL: read 61/61 bytes from
BIO#0021FE88 [mem: 00234C2B] (BIO dump follows)
+-+
...
+-+
[04/Apr/2002 09:01:02 29031] [trace] OpenSSL: Loop: SSLv3 read client
hello A
[04/Apr/2002 09:01:02 29031] [trace] OpenSSL: Loop: SSLv3 write server
hello A
[04/Apr/2002 09:01:03 29031] [trace] OpenSSL: Loop: SSLv3 write
certificate A
[04/Apr/2002 09:01:03 29031] [trace] OpenSSL: Loop: SSLv3 write server
done A
[04/Apr/2002 09:01:03 29031] [debug] OpenSSL: write 937/937 bytes to
BIO#0021FE88 [mem: 00242048] (BIO dump follows)
+-+
...

[04/Apr/2002 09:01:40 29031] [debug] OpenSSL: write 23/23 bytes to
BIO#0021FE88 [mem: 0023D430] (BIO dump follows)
+-+
...
+-+
[04/Apr/2002 09:01:40 29031] [trace] OpenSSL: Write: SSL negotiation
finished successfully
[04/Apr/2002 09:01:40 29031] [info]  Connection to child 0 closed with
standard shutdown (server x:8443, client x)


(this RMI call fails)

[03/Apr/2002 08:11:48 29033] [info]  Connection to child 2 established
(server  removed:8443, client  removed)
[03/Apr/2002 08:11:48 29033] [info]  Seeding PRNG with 1160 bytes of
entropy
[03/Apr/2002 08:11:48 29033] [trace] OpenSSL: Handshake: start
[03/Apr/2002 08:11:48 29033] [trace] OpenSSL: Loop: before/accept
initialization
[03/Apr/2002 08:11:48 29033] [debug] OpenSSL: read 7/11 bytes from
BIO#00242AA8 [mem: 00237C38] (BIO dump follows)
+-+
| : 4a 52 4d 49 00 02 4b
JRMI..K  |
+-+
[03/Apr/2002 08:12:10 29033] [debug] OpenSSL: I/O error, 4 bytes
expected to read on BIO#00242AA8 [mem: 00237C3F]
[03/Apr/2002 08:12:10 29033] [trace] OpenSSL: Exit: error in SSLv2/v3
read client hello A
[03/Apr/2002 08:12:10 29033] [error] SSL handshake timed out (client
171.64.70.217, server 


Gary
-- 
You have heard that it was said, 'An eye for an eye and a tooth for a
tooth.' 
But I say to you, 'Do not resist one who is evil. But if any one strikes
 you on the right cheek, turn to him the other also'
  Matthew 38-40
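
The two BIO dump lines in the message above differ in their first bytes: the connection that works begins with an SSLv2-format ClientHello, while the failing one begins with the ASCII string JRMI. The script below is an added example, not part of the original post, that classifies the first bytes of such a dump line; the function names are hypothetical, and the two sample lines are copied from the log above.

```shell
#!/bin/sh
# Added example: identify what a client sent as its first bytes to an SSL port,
# using the hex column of a mod_ssl "BIO dump" line.

# Extract the hex bytes from a dump line such as "| : 4a 52 4d 49 00 02 4b".
dump_bytes() {
    printf '%s\n' "$1" | tr 'A-F-' 'a-f ' | sed 's/^[ |]*[0-9a-f]*: *//' |
        awk '{ for (i = 1; i <= NF && $i ~ /^[0-9a-f][0-9a-f]$/; i++)
                   printf "%s%s", (i > 1 ? " " : ""), $i
               print "" }'
}

# Print a one-line verdict for the first bytes of a connection.
classify_first_bytes() {
    set -- $(dump_bytes "$1")
    [ "$#" -ge 5 ] || { echo "too-short"; return 0; }
    case "$1$2$3$4" in
        4a524d49)   # "JRMI": Java RMI (JRMP) stream header sent in the clear
            case "${7:-}" in
                4b) p=stream ;; 4c) p=single-op ;; 4d) p=multiplex ;; *) p=unknown ;;
            esac
            echo "jrmp-plaintext version=$((0x$5$6)) protocol=$p"; return 0 ;;
        47455420|504f5354)   # "GET " / "POST"
            echo "http-plaintext"; return 0 ;;
    esac
    if [ "$1" = 16 ] && [ "$2" = 03 ]; then
        echo "tls-handshake-record version=3.$((0x$3))"
    elif [ "$((0x$1 & 0x80))" -ne 0 ] && [ "$3" = 01 ]; then
        # SSLv2-format ClientHello: 15-bit length, type 1, then offered version
        echo "sslv2-client-hello len=$(( (0x$1 & 0x7f) << 8 | 0x$2 )) version=$((0x$4)).$((0x$5))"
    else
        echo "unknown"
    fi
}

# The two dump lines from the log above: the jar download, then the RMI call.
for line in "| : 80 46 01 03 00 00 2d 00-00 00 10" "| : 4a 52 4d 49 00 02 4b"; do
    printf '%s -> %s\n' "$line" "$(classify_first_bytes "$line")"
done
```

The 7-byte JRMI header is complete in itself (magic, version, protocol), which is consistent with the server reading 7 of the 11 bytes it wanted and then waiting until the timeout.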



Re: Apache/OpenSSL Handshake timeout

2002-04-05 Thread Gary W

Jeremy,

Server runs Solaris 2.6, 
client uses Netscape 4.79 and IE5 on W2k

Gary

 Walton wrote:
 
 Question is this for winxp running IE5 or IE6?
 
 Jeremy Walton
 DICE Corporation
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]] On Behalf Of Gary W
 Sent: Friday, April 05, 2002 11:44 AM
 To: [EMAIL PROTECTED]
 Subject: Apache/OpenSSL Handshake timeout
 
 I am getting a timeout error, from not
 reading all the bytes from the client(?).
 The client can talk to retrieve the jar file,
 but when it sends an RMI, it balks.
 I obviously have 8443 open for SSL, and my certs
 must be OK. Is it a client problem?
 

-- 
You have heard that it was said, 'An eye for an eye and a tooth for a
tooth.' 
But I say to you, 'Do not resist one who is evil. But if any one strikes
 you on the right cheek, turn to him the other also'
  Matthew 38-40

SSL handshake timed out/ Apache/1.3.14, mod_ssl/2.7.1, OpenSSL/0.9.6 on Solaris

2002-03-28 Thread Gary W

My server throws this when it is ready to return
data to the client. My timeout is 50 seconds.
Since the server got the
data request, isn't the SSL connection
properly set? (Have xed out ip data)

 
[27/Mar/2002 14:51:23 29952] [info]  Connection to child 1 established
(server x:y, client 171.64.70.217)
[27/Mar/2002 14:51:23 29952] [info]  Seeding PRNG with 1160 bytes of
entropy
[27/Mar/2002 14:52:15 29952] [error] SSL handshake timed out (client x,
server x:y)

Using  Server: Apache/1.3.14, Interface: mod_ssl/2.7.1, Library:
OpenSSL/0.9.6 on Solaris 2.6.

Gary

-- 
It has yet to be proven that intelligence has any survival value.
-- Arthur C. Clarke



Key file dialog error in Apache

2002-03-25 Thread Gary W

When I do my startssl, I see  

 Apache/1.3.14 mod_ssl/2.7.1 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server [my server].Stanford.EDU:443 (RSA)

Apache:mod_ssl:Error: Private key not found.
**Stopped

I have made an RSA using make certificate and enabled things in the
httpd.conf.

My error log says it cannot find.
[25/Mar/2002 09:18:16 09640] [info]  Server: Apache/1.3.14, Interface:
mod_ssl/2.7.1, Library: OpenSSL/0.9.6
[25/Mar/2002 09:18:16 09640] [info]  Init: 1st startup round (still not
detached)
[25/Mar/2002 09:18:16 09640] [info]  Init: Initializing OpenSSL library
[25/Mar/2002 09:18:16 09640] [info]  Init: Loading certificate  private
key of SSL-aware server [my server].Stanford.EDU:443
[25/Mar/2002 09:18:16 09640] [info]  Init: Requesting pass phrase via
builtin terminal dialog
[25/Mar/2002 09:18:16 09640] [error] Init: Private key not found
(OpenSSL library error follows)
[25/Mar/2002 09:18:16 09640] [error] OpenSSL: error:0D084069:asn1
encoding routines:d2i_ASN1_SET:bad tag
[25/Mar/2002 09:18:16 09640] [error] OpenSSL: error:0D09D082:asn1
encoding routines:d2i_RSAPrivateKey:parsing
[25/Mar/2002 09:18:16 09640] [error] OpenSSL: error:0D09B00D:asn1
encoding routines:d2i_PrivateKey:ASN1 lib

From httpd.conf:
SSLPassPhraseDialog  builtin
SSLCACertificatePath ../apache_1.3.14/conf/ssl.crt
SSLCertificateFile  ../apache_1.3.14/conf/ssl.crt/server.crt
SSLCertificateKeyFile ../apache_1.3.14/conf/ssl.key/server.key

ls -l ../apache_1.3.14/conf/ssl.crt/server.crt
-rw-r--r--1 gary diglib   1200 Mar 25 09:17
../apache_1.3.14/conf/ssl.crt/server.crt

 ls -l  ../apache_1.3.14/conf/ssl.key/server.key
-rw-r--r--1 gary diglib963 Mar 25 09:18
../apache_1.3.14/conf/ssl.key/server.key

Red Hat 7.0.

Any ideas?

Gary Wesley
-- 
The man who doesn't read good books
has no advantage over the man who can't read them.
-- Mark Twain