Hi all,
Here's my situation... I'm trying to
produce certs and keys with the Java security packages
for use in my ssl enabled web server. The problem is
that when I try to start apache in SSL mode, it
doesn't like my server cert's private key. The Java
docs say that the private key I generated
Actually, this doesn't work. This is a question I've been wanting an answer to for a
while: Whenever you create a CSR w/ a tool like RSA's (or with a server like Netscape
that uses RSA's code), the private key is generated as a DER encoded PKCS8 file of 670
bytes (for a 1024 bit RSA key). But
[EMAIL PROTECTED] wrote:
>
> Actually, this doesn't work. This is a question I've been wanting an answer to for a
>while: Whenever you create a CSR w/ a tool like RSA's (or with a server like
>Netscape that uses RSA's code), the private key is generated as a DER encoded PKCS8
>file of 670 byt
openssl asn1parse -inform DER -in mycert.key
0:d=0 hl=4 l= 666 cons: SEQUENCE
4:d=1 hl=2 l= 27 cons: SEQUENCE
6:d=2 hl=2 l= 10 prim: OBJECT:pbeWithSHA1And128BitRC4
18:d=2 hl=2 l= 13 cons: SEQUENCE
20:d=3 hl=2 l= 8 prim: OCTET STRING
30:d=3
[EMAIL PROTECTED] wrote:
>
> openssl asn1parse -inform DER -in mycert.key
> 0:d=0 hl=4 l= 666 cons: SEQUENCE
> 4:d=1 hl=2 l= 27 cons: SEQUENCE
> 6:d=2 hl=2 l= 10 prim: OBJECT:pbeWithSHA1And128BitRC4
> 18:d=2 hl=2 l= 13 cons: SEQUENCE
> 20:d=3 hl=2 l= 8 prim: OCTET STRING
> 3
nerated keys/certs w/ openssl & vice versa.
-Original Message-
From: Dr Stephen Henson <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, March 23, 2000 3:17 AM
Subject: Re: PKCS8 question
>[EMAIL PROTECTED] wrote:
>>
>> Actual
John Byrd wrote:
>
> I've generated a trivial 1024-bit RSA key using RSA's Crypto-J CertReqTool.
> The tool doesn't offer an
> opportunity to create the key unencrypted (I don't think), but when it
> prompted for a password I entered a blank. Tell me what you think. It would
> be nice to use Cry
Well, you know what? I tried making another request/key, this time w/ a
password and it worked just fine. Spooky isn't it? One day I'll discover
what I was doing wrong on the other attempts, but that knowledge is
withheld from me tonight.
OK, so now I've got a related issue to solve. The RSA
Wasn't the blank line at all. When I loaded the request into vi, I saw each
line had those nasty 0xD's on the end. Chopped those off and it worked.
(The RSA Certificate Engine is Java-based, but seems for some reason to
work best on NT. This particular request, however, was generated on Linux.)
[EMAIL PROTECTED] wrote:
> ...At any
> rate, I can't sign it w/ my openssl-generate CA cert, and I can't
> convert it using openssl x509.
This may seem rather pedandic, but you don't sign things with
a cert -- you do so with the private key associated with the
public key that's baked into a cert
10 matches
Mail list logo
