Re: Problem W/ Cert

2006-11-14 Thread beno
Marek Marcola wrote:
> Change ssl.ca-file directive to vs_ca.pem.
>   
IT WORKED! IT WORKED! HALLELUJAH IT WORKED!!
Thank you SO MUCH for your help! Now, I'll review our million messages
and try to make sense of them, and put together a how-to if that seems
appropriate.
Thanks again :))
beno

__
OpenSSL Project http://www.openssl.org
User Support Mailing List    openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: Problem W/ Cert

2006-11-14 Thread beno
Wait! I misunderstood...

server167# openssl verify -CAfile vs_root_ca.pem vs_inter_ca.pem
vs_inter_ca.pem: OK
server167# cat vs_root_ca.pem vs_inter_ca.pem > vs_ca.pem
server167# openssl verify -CAfile vs_ca.pem mrtablecloth-vi.com.crt.pem
mrtablecloth-vi.com.crt.pem: OK
server167#  /usr/local/sbin/lighttpd -f
/usr/ports/www/lighttpd/doc/lighttpd.conf
2006-11-14 22:13:49: (network.c.358) SSL:
error::lib(0):func(0):reason(0)
/etc/ssl/certs/mrtablecloth-vi.com.pem

where the mrtablecloth-vi.com.pem file is the ssl.ca-file
TIA,
beno



Re: Problem W/ Cert

2006-11-14 Thread beno
Marek Marcola wrote:
> Great, save contents of this certificate (in window) to let's say
> vs_inter_ca.pem.
> Next download Root certificate from:
> http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html
> and save to let's say vs_root_ca.pem
>   
Done.
> Then do first check:
> $ openssl verify -CAfile vs_root_ca.pem vs_inter_ca.pem
> vs_inter_ca.pem: OK
>   
server167# openssl verify -CAfile vs_root_ca.pem vs_inter_ca.pem
vs_inter_ca.pem: OK
vs_inter_ca.pem: OK
Error opening certificate file vs_inter_ca.pem:
8270:error:02001002:system library:fopen:No such file or
directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:278:fopen('vs_inter_ca.pem:','r')
8270:error:20074002:BIO routines:FILE_CTRL:system
lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:280:
unable to load certificate
Error opening certificate file OK
8270:error:02001002:system library:fopen:No such file or
directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:278:fopen('OK','r')
8270:error:20074002:BIO routines:FILE_CTRL:system
lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:280:
unable to load certificate

TIA,
beno



Re: Problem W/ Cert

2006-11-14 Thread beno
Marek Marcola wrote:
> You should get CA cert from Verisign (or something) whose subject
> will be equal to this issuer.
>   
Then maybe my problem was at the start. I received an email from
Verisign at the beginning telling me to load this trial CA cert from
this page:
http://www.verisign.com/support/verisign-intermediate-ca/trial-secure-server-intermediate/index.html
Now, not knowing better (and still not), I assumed that was the *.crt
Please correct me if I'm wrong.
TIA,
beno



Re: Problem W/ Cert

2006-11-14 Thread beno
Marek Marcola wrote:
> I think you get this error because you specified in config file:
>   ssl.ca-file="/etc/ssl/certs/mrtablecloth-vi.com.crt"
> This file should be PEM file from Verisign temporary CA,
> you should get it from Verisign, eventually convert to PEM
> save to file and point in this directive.
>   
First, my correction...I got that error when I tried to install a
CACert...I got the other error from the Verisign cert.
I got no pem file from CACert. Verisign says I can test what they've
given me and it should all work. The client wants to see that test work
before they pay them $400. I tried using mrtablecloth-vi.com.pem but
that gave the same error. Please clear up this confusion for me.
TIA,
beno



Re: Problem W/ Cert

2006-11-14 Thread beno
Marek Marcola wrote:

I assume you mean substitute the current file for the one you sent. I
did that and the command executed successfully :)
However...

server167# /usr/local/sbin/lighttpd -f
/usr/ports/www/lighttpd/doc/lighttpd.conf
2006-11-14 16:55:06: (network.c.358) SSL:
error::lib(0):func(0):reason(0)
/etc/ssl/certs/mrtablecloth-vi.com.crt

This is where I started, but I believe that was before we began interacting,
TIA,
beno




Re: Problem W/ Cert

2006-11-14 Thread beno
Marek Marcola wrote:
> My mistake, should be of course to mrtablecloth-vi.com.crt.com
I assume you mean *.pem, not *.com but at any rate the results were the
same :(
> Restore base64 encoded DER certificate to mrtablecloth-vi.com.crt
> and run this command again.
>   
server167# openssl base64 -d -in private.key_BAK | openssl rsa -inform
der > mrtablecloth-vi.com.crt.pem
writing RSA key
server167# openssl base64 -d -in mrtablecloth-vi.com.crt | openssl x509
-inform der >> mrtablecloth-vi.com.crt.pem
unable to load certificate
97274:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:946:
97274:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:304:Type=X509_CINF
97274:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested
asn1
error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:566:Field=cert_info,
Type=X509

TIA,
beno


Re: Problem W/ Cert

2006-11-14 Thread beno
Marek Marcola wrote:
> Use something like:
>
>   
server167# openssl base64 -d -in private.key_BAK | openssl rsa -inform
der > mrtablecloth-vi.com.crt
writing RSA key
server167# rm mrtablecloth-vi.com.crt.pem
server167# openssl base64 -d -in mrtablecloth-vi.com.crt | openssl x509
-inform der >> mrtablecloth-vi.com.crt.pem
unable to load certificate
96604:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:946:
96604:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:304:Type=X509_CINF
96604:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested
asn1
error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:566:Field=cert_info,
Type=X509


TIA,
beno


Re: Problem W/ Cert

2006-11-14 Thread beno
Marek Marcola wrote:
> You should convert your private key to PEM format too.
> This error is probably because certificate is read as RSA key.
> Convert both files to PEM (files with  BEGIN header),
> cat both files to one file and use in your configuration.
>   
Same thing:

server167# ls
mrtablecloth-vi.com.cat.pem mrtablecloth-vi.com.csr.bak
private.key.bak
mrtablecloth-vi.com.crt mrtablecloth-vi.com.pem
private.key.pem
mrtablecloth-vi.com.crt.bak mrtablecloth-vi.com.pem.bak test
mrtablecloth-vi.com.crt.pem mrtablecloth-vi.com.pem_BAK
mrtablecloth-vi.com.csr private.key
server167# mv private.key private.key_BAK
server167# cp private.key.pem private.key
server167# openssl base64 -d -in mrtablecloth-vi.com.crt | openssl rsa
-inform der > mrtablecloth-vi.com.crt.pem
unable to load Private Key
95108:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:946:
95108:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested
asn1
error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:628:
95108:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested
asn1
error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:566:Field=version,
Type=RSA
95108:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1
lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/d2i_pr.c:96:

TIA,
beno
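
The "no start line" and ASN.1 "wrong tag" errors in this thread both come from a file not being in the encoding, or not holding the object, that the reader expects. As an added example (not part of the original posts and not OpenSSL or lighttpd code), this Python check tells PEM, bare base64 DER and binary DER apart and guesses key versus certificate from the first inner DER tag. The function names are hypothetical and the DER prefixes are constructed sample bytes, not real key material.

```python
import base64
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def der_kind(der: bytes) -> str:
    """Guess the content of a DER blob from its first inner tag (heuristic)."""
    if len(der) < 2 or der[0] != 0x30:      # outer element must be a SEQUENCE
        return "unknown"
    # Short-form length is one byte; long form is 0x80 | number of length bytes.
    idx = 2 if der[1] < 0x80 else 2 + (der[1] & 0x7F)
    if idx >= len(der):
        return "unknown"
    if der[idx] == 0x02:                    # INTEGER version: RSA or PKCS#8 key
        return "private-key"
    if der[idx] == 0x30:                    # nested SEQUENCE: X.509 (a CSR looks alike)
        return "certificate"
    return "unknown"


def classify(data: bytes):
    """Return (encoding, [kinds]) for the bytes of a key or certificate file."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        kinds = []
        for label, _body in blocks:
            if label.endswith(b"PRIVATE KEY"):
                kinds.append("private-key")
            elif label.endswith(b"CERTIFICATE"):
                kinds.append("certificate")
            else:
                kinds.append(label.decode().lower())
        return "pem", kinds
    try:
        der = base64.b64decode(b"".join(data.split()), validate=True)
    except ValueError:
        der = b""
    if der[:1] == b"\x30":                  # base64 text without BEGIN/END lines
        return "bare-base64-der", [der_kind(der)]
    if data[:1] == b"\x30":
        return "binary-der", [der_kind(data)]
    return "unknown", []


def pemfile_problems(data: bytes):
    """List reasons a combined key+certificate file would fail to load."""
    encoding, kinds = classify(data)
    problems = []
    if encoding != "pem":
        problems.append(f"no PEM start line (content is {encoding})")
    if "private-key" not in kinds:
        problems.append("no private key")
    if "certificate" not in kinds:
        problems.append("no certificate")
    return problems


def armor(label: bytes, der: bytes) -> bytes:
    """Wrap DER bytes in PEM BEGIN/END lines."""
    return (b"-----BEGIN " + label + b"-----\n" + base64.encodebytes(der)
            + b"-----END " + label + b"-----\n")


# Constructed DER prefixes (not real key material), enough for tag inspection.
KEY_DER = bytes([0x30, 0x82, 0x02, 0x5C, 0x02, 0x01, 0x00]) + bytes(16)
CERT_DER = bytes([0x30, 0x82, 0x03, 0x10, 0x30, 0x82, 0x01, 0xF8]) + bytes(16)

if __name__ == "__main__":
    combined = armor(b"RSA PRIVATE KEY", KEY_DER) + armor(b"CERTIFICATE", CERT_DER)
    print(classify(combined), pemfile_problems(combined))
    bare = base64.encodebytes(CERT_DER)
    print(classify(bare), pemfile_problems(bare))
```

A file reported as `bare-base64-der` is the case the thread resolves with `openssl base64 -d ... | openssl x509 -inform der`, and a kind that differs from what the command expects is the "wrong tag" case.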


Re: Problem W/ Cert

2006-11-14 Thread beno
Marek Marcola wrote:

..

server167# openssl base64 -d -in mrtablecloth-vi.com.crt | openssl x509
-inform der > mrtablecloth-vi.com.crt.pem

Clean, no complaints :)
However...

server167# /usr/local/sbin/lighttpd -f
/usr/ports/www/lighttpd/doc/lighttpd.conf
2006-11-14 14:56:44: (network.c.377) SSL: Private key does not match the
certificate public key, reason: error:0906D06C:PEM
routines:PEM_read_bio:no start line
/etc/ssl/certs/mrtablecloth-vi.com.crt.pem

TIA,
beno


Re: Problem W/ Cert

2006-11-14 Thread beno
Marek Marcola wrote:
> You should convert your private key to PEM format too.
> This error is probably because certificate is read as RSA key.
> Convert both files to PEM (files with  BEGIN header),
> cat both files to one file and use in your configuration.
>   
Same thing:

server167# ls
mrtablecloth-vi.com.cat.pem mrtablecloth-vi.com.csr.bak
private.key.bak
mrtablecloth-vi.com.crt mrtablecloth-vi.com.pem
private.key.pem
mrtablecloth-vi.com.crt.bak mrtablecloth-vi.com.pem.bak test
mrtablecloth-vi.com.crt.pem mrtablecloth-vi.com.pem_BAK
mrtablecloth-vi.com.csr private.key
server167# mv private.key private.key_BAK
server167# openssl base64 -d -in private.key_BAK | openssl rsa -inform
der > private.key
writing RSA key
server167# openssl base64 -d -in mrtablecloth-vi.com.crt | openssl rsa
-inform der > mrtablecloth-vi.com.crt.pem
unable to load Private Key
95108:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:946:
95108:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested
asn1
error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:628:
95108:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested
asn1
error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:566:Field=version,
Type=RSA
95108:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1
lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/d2i_pr.c:96:

TIA,
beno


Re: Problem W/ Cert

2006-11-14 Thread beno
Marek Marcola wrote:
> You should cat real PEM encoded cert and key.
>   
I assume from what you write I should create a pem file out of the crt file:

server167# openssl base64 -d -in mrtablecloth-vi.com.crt | openssl rsa
-inform der > mrtablecloth-vi.com.crt.pem

However, when I try that, I get this error:

unable to load Private Key
93906:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:946:
93906:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested
asn1
error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:628:
93906:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested
asn1
error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:566:Field=version,
Type=RSA
93906:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1
lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/d2i_pr.c:96:

Why can't it load the key? Here's a list of what's in the dir:

server167# ls
mrtablecloth-vi.com.cat.pem mrtablecloth-vi.com.csr.bak
private.key.bak
mrtablecloth-vi.com.crt mrtablecloth-vi.com.pem
private.key.pem
mrtablecloth-vi.com.crt.bak mrtablecloth-vi.com.pem.bak test
mrtablecloth-vi.com.crt.pem mrtablecloth-vi.com.pem_BAK
mrtablecloth-vi.com.csr private.key

and that private.key fit the description you gave.
After I successfully run the above command, assuming that's what I'm
supposed to do, I presume I then run a command like this:

server167# cat private.key.pem mrtablecloth-vi.com.crt.pem >
mrtablecloth-vi.com.cat.pem

TIA,
beno


Re: Problem W/ Cert

2006-11-14 Thread beno
Marek Marcola wrote:

Okay, I did everything you told me to do.  First of all, the crt is a
test crt and has been all along. That's how Verisign works these days.
They give you a test cert until you pay them money.

When I displayed the key, then converted it to pem format and displayed
the converted key, they looked pretty much the same to me. I've included
them below.

The instructions that I'm following <
http://trac.lighttpd.net/trac/wiki/Docs%3ASSL > state I should cat the
crt and the key into a pem file:
$ cat host.key host.crt > host.pem

I tried that with the old key (since they looked identical and since the
new one was a pem file already) and got this error from the server:

server167# /usr/local/sbin/lighttpd -f
/usr/ports/www/lighttpd/doc/lighttpd.conf
Duplicate config variable in conditional 2
global/SERVERsocket==202.71.106.119:443: ssl.pemfile
2006-11-14 11:50:52: (configfile.c.827) source:
/usr/ports/www/lighttpd/doc/lighttpd.conf line: 228 pos: 13 parser
failed somehow near here: (EOL)

The line it chokes on is the server.name:

 SSL engine
$SERVER["socket"] == "202.71.106.119:443" {
ssl.engine = "enable"
ssl.pemfile= "/etc/ssl/certs/2012.vi.pem"
ssl.pemfile= "/etc/ssl/certs/mrtablecloth-vi.com.pem"
ssl.ca-file= "/etc/ssl/certs/mrtablecloth-vi.com.crt"
server.name= "www.2012.vi"
server.document-root   = "/usr/htdocs/"
}

I tried it with the new key/pem file with the same result. What doesn't
it like about the server name? Why is it getting a duplicate
configuration? Because of the cat?
TIA,
beno


server167# openssl base64 -d -in private.key | openssl rsa -inform der
-text -noout
Private-Key: (1024 bit)
server167# openssl base64 -d -in private.key | openssl rsa -inform der >
private.key.pem
writing RSA key
server167# openssl rsa -in private.key.pem -text -noout
Private-Key: (1024 bit)

Re: Problem W/ Cert

2006-11-13 Thread beno
Marek Marcola wrote:
> This file is not PEM format, after exporting certificate (under Windows)
> from this file to PEM encoded certificate this looks readable under
> Linux.
>   
I'm afraid I don't understand what you mean. The file I sent was a *.crt
file. What am I to do to get the file to work? Here's the *.pem file, if
that helps:
TIA,
beno


Re: Problem W/ Cert

2006-11-13 Thread beno
Marek Marcola wrote:
>> server167# openssl x509 -in mrtablecloth-vi.com.pem -text -noout
>> unable to load certificate
>> 67298:error:0906D06C:PEM routines:PEM_read_bio:no start
>> line:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/pem_lib.c:637:Expecting:
>> TRUSTED CERTIFICATE
>> 
> Maybe your certificate was issued on Windows and there is
> end-of-line problem. You may try something like dos2ux/dos2unix tools.
>   
I found a tool online which I created on the server. The "active
ingredient" is this:

while() {
if ( s/\r\n/\n/ ) {
 
It returned that it didn't change any line in any of the files.

>>>  - check if you have compatible cert and key:
>>> $ openssl x509 -in mrtablecloth-vi.com.pem -modulus -noout
>>>   
This gives same as above.
> Of course you should change example file key.pem to your real
> file private.key.
>   
I wasn't sure, because what you used as an example looked like some kind
of pem file, and I only had one of those, and that was tied to the cert.
(You can tell I'm new.)

server167# openssl rsa -in private.key -modulus -noout
Modulus=E186578C9DC070364BCFABAF834D4FF85385E0F03B1398136361704E4359E5ABC97A2C8AB00580E9E2E6EA8EF8828009F46E5FD1331B90F8828373B3AC77B47FA4AAEAA50BF56AE721A92ED3A62E51F3ABB593099FA077845D38DDF1FB4FA52ADA06618CDD8AF7F739AEE3313522B651ACAD3F75E12ACD4392508FEC2105F193

That looks good, I presume? So, the only problem is with the trusted
certificate? More ideas?
TIA,
beno



Re: Problem W/ Cert

2006-11-13 Thread beno
Marek Marcola wrote:

First up...

server167# ls
mrtablecloth-vi.com.crt mrtablecloth-vi.com.csr mrtablecloth-vi.com.pem
private.key

> I suggest:
>  - check that certificate is readable with:
>   $ openssl x509 -in cert.pem -text -noout
>   
server167# openssl x509 -in mrtablecloth-vi.com.pem -text -noout
unable to load certificate
67298:error:0906D06C:PEM routines:PEM_read_bio:no start
line:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/pem_lib.c:637:Expecting:
TRUSTED CERTIFICATE

>  - remove all text up to "-BEGIN CERT ..." line
>   (some libraries do not like this human readable info)
>   
Did that and got the same above results
>  - check if you have compatible cert and key:
>   $ openssl x509 -in cert.pem -modulus -noout
>   $ openssl rsa -in key.pem -modulus -noout
>   
server167# openssl rsa -in key.pem -modulus -noout
Error opening Private Key key.pem
67421:error:02001002:system library:fopen:No such file or
directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:278:fopen('key.pem','r')
67421:error:20074002:BIO routines:FILE_CTRL:system
lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:280:
unable to load Private Key

Looks like I have a number of problems ;) Thanks for this excellent
help. Please help me understand what to do about the trusted cert and
why the private key won't load.
TIA,
beno


Problem W/ Cert

2006-11-13 Thread beno
Hi;
I sent this over the weekend and it probably got overlooked. I really
need help here, so I'm hoping someone can do that. I'm
trying to install a cert and I get this error:

2006-11-10 16:45:17: (network.c.377) SSL: Private key does not match
the certificate public key, reason: error:0906D06C:PEM
routines:PEM_read_bio:no start line /etc/ssl/certs/mrtablecloth.com.pem

So, I deleted everything and tried again. Got the _same_ error. I know
darn well I entered the information in everything _exactly_the_same_
the second time in all certs, etc. I'm running LightTPD for the server
on FreeBSD 6.1.
TIA,
beno



Problem w/ Cert

2006-11-11 Thread beno
Hi;
I apologize if this is OT...I dunno if it is. But here goes. I'm
trying to install a cert and I get this error:

2006-11-10 16:45:17: (network.c.377) SSL: Private key does not match
the certificate public key, reason: error:0906D06C:PEM
routines:PEM_read_bio:no start line /etc/ssl/certs/mrtablecloth.com.pem

So, I deleted everything and tried again. Got the _same_ error. I know
darn well I entered the information in everything _exactly_the_same_
the second time in all certs, etc. I'm running LightTPD for the server
on FreeBSD 6.1.
TIA,
beno


Can't Upgrade! Can't Add Threading! Please Help!

2006-08-04 Thread beno

Hi;
I have FreeBSD 5.3. I d/l'd the latest distro of openssl, ran:
./config --prefix=/usr/local --openssldir=/usr/local/openssl 
enable-threads enable-shared

make
make test
make install
and everything checked out just fine. However...

server167# openssl version
OpenSSL 0.9.7d 17 Mar 2004
server167# pwd
/usr/ports/www/openssl-0.9.8b
So...

How do I turn off the old version and turn on the new which should 
support threading so I can use Pound??

TIA,
beno
