Hi all. I have trouble with using certificates with openssl.
os : centos5.4 kernel : 2.6.27.29 openssl-ver : 0.9.8e-fips-rhel5 At first, I created "rsa private key" and let's suppose this is test.key. with "test.key" I generated certificate request. and lets suppose this as test.csr with "test.csr" I requested ssl certificate to "verisign.com" and they gave me a certificates. and I save it as "test.crt". with this certificate, I try to run vnc reflect server. my system requires "pem" file which includes rsa private key. in here, I use openssl. so, I concatenated test.key and test.crt as "test.pem" when I verify test.pem with openssl, (openssl verify test.pem), it says OK. when I print out the contains, (openssl x509 -in test.pem -text) it shows ========================================================================================== Certificate: Data: Version: 3 (0x2) Serial Number: 16:81:64:a4:28:ca:12:df:ab:12:f1:9f:b1:b9:35:54 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=For Test Purposes Only. No assurances., CN=VeriSign Trial Secure Server Root CA - G2 Validity Not Before: Apr 1 00:00:00 2009 GMT Not After : Mar 31 23:59:59 2029 GMT Subject: C=US, O=VeriSign, Inc., OU=For Test Purposes Only. No assurances., CN=VeriSign Trial Secure Server Root CA - G2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): .....omitted...... Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign 1.3.6.1.5.5.7.1.12: 0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif X509v3 Subject Key Identifier: 48:19:E7:92:6F:92:9D:34:63:99:C0:F0:99:C8:D6:A5:8C:8C:7F:65 Signature Algorithm: sha1WithRSAEncryption ............omitted........... -----BEGIN CERTIFICATE----- ..........omitted............. -----END CERTIFICATE----- ========================================================================================== when I open test.pem this file shows. ========================================================================================== -----BEGIN RSA PRIVATE KEY----- ...........omitted.............. -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- ...............omitted............... -----END CERTIFICATE----- ========================================================================================= so I started my vnc reflect server but, it shows error message ========================================================================================= openssl_init: SSL_CTX_use_certificate_chain_file() failed. ssl error: error:0906D06C:PEM routines:PEM_read_bio:no start line ========================================================================================= my test.pem file itself definitely has a start line. but, it shows that kind of error message. Searching google and the archives of this list turned nothing up so I'm hoping someone here can help shed some light on this issue. Thanks in advance.