Re: [OFF TOPIC ] Openssl..error creating server.crt ???

2003-07-30 Thread achana
I should add that openssl.cnf is in the same RH default directory and I have
edited it a tiny bit.

[EMAIL PROTECTED] wrote:
> 
> >> I had some, for me, un-decipherable error messages when trying to sign
> >> my own certificate.
> >> First I created  my private key and certificate signing request :
> >> [ssl]# openssl genrsa -des3 -out sever.key 1024
> >> [ssl]# openssl req -new -key server.key -out server.csr
> >> Then I created my own certificate authority:
> >> [ssl]# openssl genrsa -des3 -out ca.key 1024
> >> Next, I created a self-signed CA certificate with my rsa key:
> >> [ssl]# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
> >> Finally, I attempted to sign the ca.crt
> >> [ssl]# ./sign.sh private/server.csr
> 
> These seem to be very much like the ones listed in the mod_ssl faq.
> http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29
> 
> >> 2117:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block
> >> type is not 01:rsa_pk1.c:100:
> 
> Just out of curiosity, when sign.sh runs the commands
> 
>   openssl ca -config ...
> 
> what is the argument to -config?  Is the CA_Authority section in that
> configuration file referencing your CA?
> 
> --
> Steve
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]




[OFF TOPIC ] Openssl..error creating server.crt ???

2003-07-30 Thread achana
Hi Steve.
Well actually, nothing !
...
CA signing: private/server.csr -> private/server.crt:
Using configuration from ca.config
Enter PEM pass phrase:
...
and so forth. But it doesn't tell me what are the configuration
parameters.
I tried this a few times, always the same error messages but it builds
the requisite server.crt at the end.
Is ca.config some file I am supposed to have? It is very hard to find
anything in RedHat.
TIA

[EMAIL PROTECTED] wrote:
> 
> >> I had some, for me, un-decipherable error messages when trying to sign
> >> my own certificate.
> >> First I created  my private key and certificate signing request :
> >> [ssl]# openssl genrsa -des3 -out sever.key 1024
> >> [ssl]# openssl req -new -key server.key -out server.csr
> >> Then I created my own certificate authority:
> >> [ssl]# openssl genrsa -des3 -out ca.key 1024
> >> Next, I created a self-signed CA certificate with my rsa key:
> >> [ssl]# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
> >> Finally, I attempted to sign the ca.crt
> >> [ssl]# ./sign.sh private/server.csr
> 
> These seem to be very much like the ones listed in the mod_ssl faq.
> http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29
> 
> >> 2117:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block
> >> type is not 01:rsa_pk1.c:100:
> 
> Just out of curiosity, when sign.sh runs the commands
> 
>   openssl ca -config ...
> 
> what is the argument to -config?  Is the CA_Authority section in that
> configuration file referencing your CA?
> 
> --
> Steve




Re: [OFF TOPIC ] Openssl..error creating server.crt ???

2003-07-30 Thread srevilak
>> I had some, for me, un-decipherable error messages when trying to sign
>> my own certificate.
>> First I created  my private key and certificate signing request :
>> [ssl]# openssl genrsa -des3 -out sever.key 1024
>> [ssl]# openssl req -new -key server.key -out server.csr
>> Then I created my own certificate authority:
>> [ssl]# openssl genrsa -des3 -out ca.key 1024
>> Next, I created a self-signed CA certificate with my rsa key:
>> [ssl]# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
>> Finally, I attempted to sign the ca.crt
>> [ssl]# ./sign.sh private/server.csr

These seem to be very much like the ones listed in the mod_ssl faq.
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29


>> 2117:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block
>> type is not 01:rsa_pk1.c:100:

Just out of curiosity, when sign.sh runs the commands

  openssl ca -config ...

what is the argument to -config?  Is the CA_Authority section in that
configuration file referencing your CA?

-- 
Steve




Re: [OFF TOPIC ] Openssl..error creating server.crt ???

2003-07-29 Thread achana
Oh, I should mention that I
[ssl] # apachectl startssl
will start apache with ssl support (other than the error about virtual
hosts)
but how can I trust that with the error messages I got, which seem to
relate to the encryption routine ???


[EMAIL PROTECTED] wrote:
> 
> Hi. Sorry about being off-topic.
> I had some, for me, un-decipherable error messages when trying to sign
> my own certificate.
> First I created  my private key and certificate signing request :
> [ssl]# openssl genrsa -des3 -out sever.key 1024
> [ssl]# openssl req -new -key server.key -out server.csr
> Then I created my own certificate authority:
> [ssl]# openssl genrsa -des3 -out ca.key 1024
> Next, I created a self-signed CA certificate with my rsa key:
> [ssl]# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
> Finally, I attempted to sign the ca.crt
> [ssl]# ./sign.sh private/server.csr
> 
> Here is the tail-end of the output :
> ...
> Certificate is to be certified until Jul 29 16:00:25 2004 GMT (365 days)
> Sign the certificate? [y/n]:y
> 
> 1 out of 1 certificate requests certified, commit? [y/n]y
> Write out database with 1 new entries
> Data Base Updated
> CA verifying: private/server.crt <-> CA cert
> private/server.crt: /C=HK/ST=HK/O=SAYS I.T. Co.
> Ltd./CN=www.saysit.com.hk/[EMAIL PROTECTED]
> error 18 at 0 depth lookup:self signed certificate
> /C=HK/ST=HK/O=SAYS I.T. Co.
> Ltd./CN=www.saysit.com.hk/[EMAIL PROTECTED]
> error 7 at 0 depth lookup:certificate signature failure
> 2117:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block
> type is not 01:rsa_pk1.c:100:
> 2117:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check
> failed:rsa_eay.c:396:
> 2117:error:0D079006:asn1 encoding routines:ASN1_verify:bad get asn1
> object call:a_verify.c:109:
> [ssl]#
> 
> OpenSSL went and created the certificates "server.crt" as in httpd.conf's
> "SSLCertificateFile /path/to/this/server.crt"
> I hesitate to use it because of these error messages.
> Can someone see where I might have gone wrong and how to rectify that
> ???
> TIA :(




[OFF TOPIC ] Openssl..error creating server.crt ???

2003-07-29 Thread achana
Hi. Sorry about being off-topic.
I had some, for me, un-decipherable error messages when trying to sign
my own certificate.
First I created  my private key and certificate signing request :
[ssl]# openssl genrsa -des3 -out sever.key 1024
[ssl]# openssl req -new -key server.key -out server.csr
Then I created my own certificate authority:
[ssl]# openssl genrsa -des3 -out ca.key 1024
Next, I created a self-signed CA certificate with my rsa key:
[ssl]# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Finally, I attempted to sign the ca.crt
[ssl]# ./sign.sh private/server.csr

Here is the tail-end of the output :
...
Certificate is to be certified until Jul 29 16:00:25 2004 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: private/server.crt <-> CA cert
private/server.crt: /C=HK/ST=HK/O=SAYS I.T. Co.
Ltd./CN=www.saysit.com.hk/[EMAIL PROTECTED]
error 18 at 0 depth lookup:self signed certificate
/C=HK/ST=HK/O=SAYS I.T. Co.
Ltd./CN=www.saysit.com.hk/[EMAIL PROTECTED]
error 7 at 0 depth lookup:certificate signature failure
2117:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block
type is not 01:rsa_pk1.c:100:
2117:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check
failed:rsa_eay.c:396:
2117:error:0D079006:asn1 encoding routines:ASN1_verify:bad get asn1
object call:a_verify.c:109:
[ssl]#

OpenSSL went and created the certificates "server.crt" as in httpd.conf's
"SSLCertificateFile /path/to/this/server.crt"
I hesitate to use it because of these error messages.
Can someone see where I might have gone wrong and how to rectify that
???
TIA :(
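
A triage check for the output quoted in this thread, added here as an example and not part of any poster's message or of sign.sh: it compares the new certificate's subject, issuer and public key against the CA certificate and the CSR before running openssl verify. The function names and verdict words are hypothetical; file names are supplied by the caller.

```shell
#!/bin/sh
# Added example: triage a freshly signed certificate before pointing
# SSLCertificateFile at it. Function names and verdict words are made up here.

# Print the subject or issuer DN of a certificate in one canonical form.
dn_of() {  # $1 = cert file, $2 = subject|issuer
    openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

# Print a SHA-256 digest of the public key inside a cert (x509) or CSR (req).
pubkey_fp() {  # $1 = x509|req, $2 = file
    openssl "$1" -in "$2" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Print one verdict word for a leaf certificate checked against its CA.
diagnose() {  # $1 = leaf cert, $2 = CA cert, $3 = CSR (optional)
    leaf_subj=$(dn_of "$1" subject)
    leaf_iss=$(dn_of "$1" issuer)
    ca_subj=$(dn_of "$2" subject)

    # The issuer named in the leaf must be the CA's subject.
    if [ "$leaf_iss" != "$ca_subj" ]; then echo WRONG_ISSUER; return 1; fi

    # Subject == issuer makes the leaf look self-signed (the condition that
    # "error 18 at 0 depth lookup" reports); a verifier that treats it so
    # checks the signature with the leaf's own key, which can then fail.
    if [ "$leaf_subj" = "$leaf_iss" ]; then echo SAME_DN_AS_CA; return 1; fi

    # The certificate must carry the public key from the request.
    if [ -n "$3" ] && [ "$(pubkey_fp x509 "$1")" != "$(pubkey_fp req "$3")" ]; then
        echo KEY_MISMATCH; return 1
    fi

    # Only now ask OpenSSL to build and check the chain.
    if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
        echo CHAIN_OK
    else
        echo VERIFY_FAILED; return 1
    fi
}

# Usage: diagnose private/server.crt ca.crt private/server.csr
```

Only public material (certificates and the CSR) is read, so no pass phrase prompt appears.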