Hi all.
I have trouble with using certificates with openssl.
os : centos5.4
kernel : 2.6.27.29
openssl-ver : 0.9.8e-fips-rhel5
At first, I created "rsa private key" and let's suppose this is test.key.
with "test.key" I generated certificate request. and lets suppose this as
test.csr
with "test.csr" I requested ssl certificate to "verisign.com"
and they gave me a certificates.
and I save it as "test.crt".
with this certificate, I try to run vnc reflect server.
my system requires "pem" file which includes rsa private key.
in here, I use openssl.
so, I concatenated test.key and test.crt as "test.pem"
when I verify test.pem with openssl,
(openssl verify test.pem), it says OK.
when I print out the contains,
(openssl x509 -in test.pem -text)
it shows
==========================================================================================
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
16:81:64:a4:28:ca:12:df:ab:12:f1:9f:b1:b9:35:54
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., OU=For Test Purposes Only. No
assurances., CN=VeriSign Trial Secure Server Root CA - G2
Validity
Not Before: Apr 1 00:00:00 2009 GMT
Not After : Mar 31 23:59:59 2029 GMT
Subject: C=US, O=VeriSign, Inc., OU=For Test Purposes Only. No
assurances., CN=VeriSign Trial Secure Server Root CA - G2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
.....omitted......
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
1.3.6.1.5.5.7.1.12:
0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif
X509v3 Subject Key Identifier:
48:19:E7:92:6F:92:9D:34:63:99:C0:F0:99:C8:D6:A5:8C:8C:7F:65
Signature Algorithm: sha1WithRSAEncryption
............omitted...........
-----BEGIN CERTIFICATE-----
..........omitted.............
-----END CERTIFICATE-----
==========================================================================================
when I open test.pem
this file shows.
==========================================================================================
-----BEGIN RSA PRIVATE KEY-----
...........omitted..............
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...............omitted...............
-----END CERTIFICATE-----
=========================================================================================
so I started my vnc reflect server
but, it shows error message
=========================================================================================
openssl_init: SSL_CTX_use_certificate_chain_file() failed.
ssl error: error:0906D06C:PEM routines:PEM_read_bio:no start line
=========================================================================================
my test.pem file itself definitely has a start line.
but, it shows that kind of error message.
Searching google and the archives of this list turned nothing up
so I'm hoping someone here can help shed some light on this issue.
Thanks in advance.
