[FWD] problem in private key
Forwarded to openssl-users for public discussion.

Best regards,
	Lutz

----- Forwarded message from praveen kumar kapraveen1...@indiatimes.com -----

Date: Sat, 29 Jan 2011 14:49:21 +0530 (IST)
From: praveen kumar kapraveen1...@indiatimes.com
To: r...@openssl.org
Subject: problem in private key

Dear friend,

This is praveenkumar, working as an app developer from Linkwell Telesystems, Hyderabad, India. I have a problem in SSL while hitting the server with the certificate provided by the server. I am using the openssl tool in Linux. When I tried to execute the client with the certificate on the command line, I am getting an error like this:

openSSL> s_client -connect ip:port -cert certfile.crt
ERROR: unable to load client certificate private key file
3077682908:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:698:Expecting: ANY PRIVATE KEY
error in s_client

This is the sample certificate file.
File name: certfile.crt
Data inside the file is like this:

-----BEGIN CERTIFICATE-----
[base64 certificate body omitted]
-----END CERTIFICATE-----

This is the file sent by the server. Please, anyone, help me to connect to the server.

Thanks & regards,
K.A.Praveenkumar

----- End forwarded message -----

-- 
Lutz Jaenicke jaeni...@openssl.org
OpenSSL Project http://www.openssl.org/~jaenicke/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
Re: [FWD] problem in private key
On 1/31/2011 12:25 AM, Lutz Jaenicke wrote:

> Dear friend,
>
> This is praveenkumar, working as an app developer from Linkwell Telesystems, Hyderabad, India. I have a problem in SSL while hitting the server with the certificate provided by the server. I am using the openssl tool in Linux. When I tried to execute the client with the certificate on the command line, I am getting an error like this:
>
> openSSL> s_client -connect ip:port -cert certfile.crt
> ERROR: unable to load client certificate private key file
> 3077682908:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:698:Expecting: ANY PRIVATE KEY
> error in s_client
>
> This is the sample certificate file.
> File name: certfile.crt
> Data inside the file is like this:
>
> -----BEGIN CERTIFICATE-----
> [snip]
> -----END CERTIFICATE-----
>
> This is the file sent by the server. Please, anyone, help me to connect to the server.

If the file is sent by the server, why are you passing it to s_client?

The '-cert' option, when passed to 's_client', is used to specify a *client* certificate. Without a corresponding private key, it won't work.

DS
RE: [FWD] problem in private key
> From: owner-openssl-us...@openssl.org On Behalf Of David Schwartz
> Sent: Monday, 31 January, 2011 09:50
> To: openssl-users@openssl.org
> Cc: Lutz Jaenicke; praveen kumar

> On 1/31/2011 12:25 AM, Lutz Jaenicke [forwarded]:
> > openSSL> s_client -connect ip:port -cert certfile.crt
> > ERROR: unable to load client certificate private key file
> > 3077682908:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:698:Expecting: ANY PRIVATE KEY
> >
> > Data inside the file is like this:
> >
> > -----BEGIN CERTIFICATE-----
> > [snip]
> > -----END CERTIFICATE-----
> >
> > This is the file sent by the server. Please, anyone, help me to connect to the server.
>
> If the file is sent by the server, why are you passing it to s_client?

If you look at the cert it appears to be a (private) CA cert. At least, it is self-signed with subject=issuer containing emailAddress=c...@olivecryptosystems.com .

If you want to use this cert _as the CAcert to verify the server_ use

    s_client -CAfile certfile.crt

(And perhaps other servers in the same organization.)

Note commandline s_client will make the connection even if the server (cert) isn't verified (e.g. no CAcert at all). However other software, particularly other software using openssl library, usually won't, at least not by default.

> The '-cert' option, when passed to 's_client' is used to specify a *client* certificate. Without a corresponding private key, it won't work.

That's true. Although s_client can accept cert and key in separate files or both in one file. That's why you get the mildly confusing error about expecting ANY PRIVATE KEY [in certfile].

Note that it isn't crazy in some cases for a server to also act as a CA issuing certs to (acceptable) clients. Properly speaking you should still distinguish these roles, the server acting as CA vs. the server acting as server for data sessions, but people often don't.
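
An added example, not part of the thread and not OpenSSL code: a pre-flight check for the situation discussed above, where a file holding only a certificate was passed to `-cert`. It classifies a PEM file by its block labels and prints the s_client arguments that fit; the function names are hypothetical and any files it is run on in testing are constructed placeholders.

```sh
#!/bin/sh
# Added example: classify a PEM file by the block labels it contains,
# to decide which s_client option the file can be passed to.
# Function names are hypothetical; this only inspects PEM labels and
# does not validate the certificate or key contents.

# Succeeds if the file holds a certificate block.
has_cert() {
    grep -q -e '^-----BEGIN CERTIFICATE-----' "$1"
}

# Succeeds if the file holds a private key block of any labelled type:
# PRIVATE KEY, RSA/EC/DSA PRIVATE KEY, ENCRYPTED PRIVATE KEY.
has_key() {
    grep -Eq -e '^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' "$1"
}

# Prints one of: cert+key, cert-only, key-only, none, unreadable
pem_role() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    if has_cert "$1" && has_key "$1"; then echo cert+key
    elif has_cert "$1"; then echo cert-only
    elif has_key "$1"; then echo key-only
    else echo none
    fi
}

# Prints the s_client arguments that fit the file, given its role.
# A cert-only file is either a trust anchor for verifying the server
# (-CAfile) or a client certificate that still needs its key (-key).
s_client_hint() {
    case "$(pem_role "$1")" in
        cert+key)  echo "-cert $1" ;;
        cert-only) echo "-CAfile $1 (or -cert $1 -key <matching key file>)" ;;
        key-only)  echo "-key $1 -cert <matching certificate file>" ;;
        *)         echo "not usable: no PEM certificate or key block" ;;
    esac
}
```

Running `s_client_hint certfile.crt` on a file like the one in the original post reports the cert-only case, which is the condition behind the "Expecting: ANY PRIVATE KEY" error.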