make mycert.crt
Hi, I want to sign a certificate to my server with a self signed CA. I' ve done this, openssl ca -config openssl.cnf -in server.csr -out server.crt and i've got this error message: CA ceertificate and CA private key do not match 2946:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:264: Anyone? Thanks in advance. Osvaldo Brito [EMAIL PROTECTED] [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
making a server certificate problem
Hi, I want to generate a server certificate. For that have to sign my server.csr file with my self signed CA. I used this: openssl ca -config openssl.cnf -md md5 -keyfile ca.key -cert ca.crt -in server.csr -out mycert.crt and i've got this error message: wrong number of fields on line 1 (looking for field 6, got 1, '' left) What's the problem? Thanks in advance. Osvaldo Brito [EMAIL PROTECTED] [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
existencial question
Hi, I'm wondering how a user autenticate itself to a apache web server via browser. Do he have to carry a floppy disk with his certificate, import to the browser or will the browser just ask for a password. If it is possible the second option, how safe will be the connection? Thanks in advance. Osvaldo Brito [EMAIL PROTECTED] [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
broken pipe
> Hello sr. Richard Levitte, > > I'm testing a https connection and a warning message came in the browser > telling that the server is demanding a personal certificate (and i don't > have), and the server may choose to close the connection. How can i define > a personal certificate? Is that by the same method that i did to make a > server certificate and then export to the browser (personal-cert.crt)? > > > Thanks in advance. > > Osvaldo Brito > > ---\ [EMAIL PROTECTED] > ---/ [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: help
Hello world, I've a few basic questions about secure apache web server, - Is the httpd.conf.default able to respond to https request? how? - do I must set the apache with the SSL layer in the virtual host? - Why when I run my httpd.conf, with the SSL context in the main server some strange things happen: 1. there is a very big speedup of the httpd run time 2. in the directory apache/logs I just have this files: access_log, error_log, ssl_engine_log (I don't have the httpd.pid!) 3. the endest lines of the access_log file are: 146.193.24.118 - -[18/Feb/2000:11:52:34 -0500]"GET/manual/images/feather.jpg HTTP/1.0" 304 146.193.24.118 - -[18/Feb/2000:11:52:34 -0500]"GET/manual/images/apache_pb.gif HTTP/1.0" 304 146.193.24.118 - -[18/Feb/2000:11:52:34 -0500]"GET/manual/images/mod_ssl_sb.gif HTTP/1.0" 304 146.193.24.118 - -[18/Feb/2000:11:52:34 -0500]"GET/manual/images/openssl_ics.gif HTTP/1.0" 304 4. the endest lines of the error_log file are: [Fri Feb 18 11:55:27 2000] [error] mod_ssl: Init: Unable to read server certificate from file /usr/local/resident/apache/conf/ssl.crt (OpenSSL library error follows) [Fri Feb 18 11:55:27 2000] [error] OpenSSL: error:0D09F007: asn1 encoding routines: d2i_X509:expecting an asn1 sequence 5. the endest lines of the ssl_engine_log file are: [18/Feb/2000 11:55:27 22558] [info] Server: Apache/1.3.9, Interface: mod_ssl/2.4.10, Library: OpenSSL/0.9.4 [18/Feb/2000 11:55:27 22558] [info] Init: 1st startup round (still not detached) [18/Feb/2000 11:55:27 22558] [info] Init: Initializing OpenSSL library [18/Feb/2000 11:55:27 22558] [info] Init: Loading certificates & private key of SSL-aware server www.laplace.inesc.pt:443 [18/Feb/2000 11:55:27 22558] [info] Init: Unable to read server certificate from file /usr/local/resident/apache/conf/ssl.crt/server.crt (OpenSSL library error follows) [18/Feb/2000 11:55:27 22558] [error] OpenSSL: error:0D09F007:asn1 encoding routines:d2i_X509:expecting an asn1 sequence Do I have a solution? Where is the manual to understand the OpenSSL library error? Thank in advance for your help. See you around... Osvaldo Brito [EMAIL PROTECTED] [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: s_client question
Hi, I'm configuring the apache mod-ssl. When i try the connection via netscape broswer, i get this error message: The server's certificate has an invalid signature. You will not be able to connect to this site securely. At the same time, in the error_log file: [Wed Feb 23 05:36:52 2000] [error] mod_ssl: SSL handshake failed (server www.laplace.inesc.pt:443, client) (OpenSSL library error follows) [Wed Feb 23 05:36:52 2000] [error] OpenSSL: error:14094412:SSL routines: SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?] [Wed Feb 23 05:52:25 2000] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows) [Wed Feb 23 05:52:25 2000] [error] System: Connection reset by peer (errno: 104) What's the problem? By the way, does anyone knows where i can find documention to understand the error_log (or even all the apache/logs files)? Thank you in advance! Osvaldo Brito [EMAIL PROTECTED] [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: import certificate
Hi, I've tried to run the above command line, and i've got this stdout error mesage: Error loading private key 13988:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:610: Any help? Thanks in advance! Osvaldo Brito [EMAIL PROTECTED] [EMAIL PROTECTED] On Mon, 21 Feb 2000, Paul Khavkine wrote: > You have to convert the certificate with pkcs12 > Ex: > openssl pkcs12 -export -in server.crt -name "My Certificate" -out mycert.p12 > > On Mon, 21 Feb 2000, Osvaldo Brito wrote: > > > > > I want to import a certificate in to a netscape browser. Wish file should > > I get (I've tried the server.crt with no sucess)? > > > > Osvaldo Brito > > > > [EMAIL PROTECTED] > > [EMAIL PROTECTED] > > > > > > __ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List[EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > > > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
server configuration problem
Hi, When i execute this command line: $ openssl s_client -host localhost -port 443 I get this stdout error message: CONNECTED(0003) [EMAIL PROTECTED] verify error:num=18:self signed certificate verify return:1 [EMAIL PROTECTED] verify error:num=7:certificate signature failed verify return:1 14228:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100: 14228:error:04067071:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:394: 14228:error:0D079006:asn1 encoding routines:ASN1_verify:bad get asn1 object call:a_verify.c:106: 14228:error:140900F7:SSL routines:SSL3_GET_SERVER_CERTIFICATE:unknown certificate type:s3_clnt.c:793: What may be the problem? Thank you in advance. Osvaldo Brito [EMAIL PROTECTED] [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
basic...
Hi, What's the diference betwen this files: server.csr, server.crt, server.key Thank you in advance. Osvaldo Brito [EMAIL PROTECTED] [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: server configuration problem
Hi, when run this command line, $ openssl s_client -host localhost -port 443 I get this stdout error message, CONNECTED(0003) [EMAIL PROTECTED] verify error:num=18:self signed certificate verify return:1 [EMAIL PROTECTED] verify error:num=7:certificate signature failed verify return:1 14228:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100: 14228:error:04067071:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:394: 14228:error:0D079006:asn1 encoding routines:ASN1_verify:bad get asn1 object call:a_verify.c:106: 14228:error:140900F7:SSL routines:SSL3_GET_SERVER_CERTIFICATE:unknown certificate type:s3_clnt.c:793: How can i know what is client version and platform and what software is the server listening at port 443? Thanks in advance, Osvaldo Brito __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
openssl basic
Hi, I'm trying to make a self sign certificate for testing purposes. I'm using the method in the openssl faq list, but the last step (using the SSLEAY ca.sign) seems impossible. I've already created the server.key, server.csr, ca.key e server.crt. Now i want to sign the *.csr with my own certificate. What is the correct command line? Thanks in advance. Osvaldo Brito [EMAIL PROTECTED] [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
using user certificate problem
Hi,
I'm configuring a apache mod_ssl web server.
I've a user.p12 file imported into the netscape browser. (I've made
the user.p12 with openssl pkcs12 -export -in user.crt -name "My user
certificate" -out user.p12 -clcerts -info -des3 -inkey user.key).
When i try to connect to the server i get error message on the netscape:
A network error ocurred while ntscape was receiving data. (Network Error:
broken pipe).
At the some time i got this on the error_log file:
[error] mod_ssl: Certificate Verification: Error (20):unable to get local
issuer certificate
[error] mod_ssl: SSL handshake failed (server www.laplace.inesc.pt:443,
client 146.193.24.118) (OpenSSL library error follows)
[error] OpenSSL: error: 14089B2:SSL routines:SSL_GET_CLIENT_CERTIFICATE:
no certificate returned
Any help?
Thanks in advance.
Osvaldo Brito
---\ [EMAIL PROTECTED]
---/ [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
get netscape internal pkcs#11 module
Hi, I want to export a certificate to a netscape browser. I converted the user certificate file (*.crt) in a pkcs#12 file (*.p12). But when i go to the security info dialog box in the browser, in crytographic modules i just see the netscape internal pkcs#11 module. And the browser cannot connect to the server, because in the handshake process the server cannot get the client certificate. I think that the solution is to add the pkcs#12 to the browser. Where can i find that module, and am i in the right clue? Thanks in advance. Osvaldo Brito ---\ [EMAIL PROTECTED] ---/ [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
servlet on apache server side
Hi, Can i use a java servlet on a apache server? Thanks in advance. Osvaldo Brito __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
