Re: certificate help?

Norman Zhang Tue, 17 Jul 2001 16:00:04 -0700
Thanks Richard. Your post does clarify much of my confusion. But I am still
stuck in concatenating the certificate with the private key. I first create
a self signed cacert.pem using,

> openssl req -newkey rsa:1024 -x509 -keyout cacert.pem -out cacert.pem

Then I created CA directories and files,

> CA.pl -newca

Then I created a different key and request. And signed using CA.pl

> openssl req -newkey rsa:1024 -keyout newreq.pem -out newreq.pem
> CA.pl -signreq

Finally, I concatenate the private key from newreq.pem to the bottom of the
newly created newcert.pem. But when I tried to login to the server, I get a
timeout. Would someone please help me?

Thanks and Regards,
Norman

----- Original Message -----
From: "Richard Levitte - VMS Whacker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, July 17, 2001 1:35 AM
Subject: Re: certificate help?


From: "Norman Zhang" <[EMAIL PROTECTED]>

nzhang> But why is the default certificate that came with Linux
nzhang> Mandrake 8.0 box has the private key in it? And it works;
nzhang> however, if use the ones that I created myself, the connection
nzhang> times out after a long delay.

Ah, the file that comes with Mandrake contains a certificate and the
corresponding private key.  Many incorrectly refers to such a file as
"the certificate".  A certificate proper is, however, only what you
find between these lines:

     -----BEGIN CERTIFICATE-----
     -----END CERTIFICATE-----

While the private key proper is what you find between the following
lines:

     -----BEGIN RSA PRIVATE KEY-----
     -----END RSA PRIVATE KEY-----

The file that you're talking about is a concatenation of these two
things.  It's quite practical to do it this way, since a server needs
both anyway.

(I assume that we're talking about PEM-formated certificates and keys
here, BTW)

--
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus:             http://www.gemplus.com/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
Re: certificate help?

Reply via email to
