Oh, I should mention that I [ssl] # apachectl startssl will start apache wil ssl support (other than the error about virtual hosts) but how can I trust that with the error messages I got, which seem to relate to the encryption routine ???
[EMAIL PROTECTED] wrote: > > Hi. Sorry about being off-topic. > I had some, for me, un-decipherable error messages when trying to sign > my own certificate. > First I created my private key and certificate signing request : > [ssl]# openssl genrsa -des3 -out sever.key 1024 > [ssl]# openssl req -new -key server.key -out server.csr > Then I created my own certificate authority: > [ssl]# openssl genrsa -des3 -out ca.key 1024 > Next, I created a self-signed CA certificate with my rsa key: > [ssl]# openssl req -new -x509 -days 365 -key ca.key -out ca.crt > Finally, I attempted to sign the ca.crt > [ssl]# ./sign.sh private/server.csr > > Here is the tail-end of the output : > ... > Certificate is to be certified until Jul 29 16:00:25 2004 GMT (365 days) > Sign the certificate? [y/n]:y > > 1 out of 1 certificate requests certified, commit? [y/n]y > Write out database with 1 new entries > Data Base Updated > CA verifying: private/server.crt <-> CA cert > private/server.crt: /C=HK/ST=HK/O=SAYS I.T. Co. > Ltd./CN=www.saysit.com.hk/[EMAIL PROTECTED] > error 18 at 0 depth lookup:self signed certificate > /C=HK/ST=HK/O=SAYS I.T. Co. > Ltd./CN=www.saysit.com.hk/[EMAIL PROTECTED] > error 7 at 0 depth lookup:certificate signature failure > 2117:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block > type is not 01:rsa_pk1.c:100: > 2117:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check > failed:rsa_eay.c:396: > 2117:error:0D079006:asn1 encoding routines:ASN1_verify:bad get asn1 > object call:a_verify.c:109: > [ssl]# > > OpenSSL went and created the certificates "server.crt as in httpd.conf's > "SSLCertificateFile /path/to/this/server.crt" > I hesitate to use it because of these error messages. > Can someone see where I might have gone wrong and how to rectify that > ??? > TIA :( > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
