On Thu, Apr 18, 2002 at 06:15:11AM -0400, Dirk van der Giesen wrote:
> I'm working on a FreeBSD version 4.0
> If I look up where openssl.cnf is located I find these two builds

By default, the OpenSSL configuration file is located in /etc/ssl.
BTW, you should upgrade your system to FreeBSD 4.5-STABLE.

>
> /usr/local/ssl/openssl.cnf
> /usr/src/crypto/openssl/apps/openssl.cnf
>
> The first one is probably the one I built myself before I knew
> openssl was built with FreeBSD which
> I presume is the second one.

/usr/src is the FreeBSD base and kernel source directory.

>
> What I try to do is generate a private key and then a certificate
> signing request.
>
> I do this as supposed by the Thawte guide:
> Securing Your Apache Web Server with a Thawte Digital Certificate.
>
> I go to the /usr/src/crypto/openssl/

STOP! NOT HERE, this is the system source, you'll lose all your files when make updating the sources.

>
> This directory looks like this:
>
> CHANGES         Makefile.org  config   include       ssl
> CHANGES.SSLeay  Makefile.ssl  crypto   mt            test
> Configure       NEWS          demos    openssl.doxy  times
> FREEBSD-Xlist   README        dep      perl          tools
> INSTALL         apps          doc      private.key   util
> LICENSE         bugs          e_os.h   rsaref
> Makefile        certs         e_os2.h  shlib
>
> I go into the certs directory because I think this is a nice place to
> keep my certificates and all
> In here I do : "Without encryption": openssl genrsa -out
> www.domain.com.key 1024
>
> which seems to work nicely and generates my www.domain.com.key file.
>
> The next step should create a CSR that has the same modulus as the private
> key:
> openssl req -new -key www.domain.com.key -out www.domain.com.csr
>
> First when I do just the above it has problems not being able to find
> the configfile.
>
> Using configuration from /etc/ssl/openssl.cnf

Heh, you see, /usr/bin/openssl is using /etc/ssl/openssl.cnf. This is the openssl from the base system.

> Unable to load config info
> unable to find 'distinguished_name' in config
> problems making Certificate Request
>
> The first thing that strikes me is that it's looking for a config
> file in a place where it has never been built.
> I mean, I didn't do it and neither did FreeBSD and I certainly never
> deleted a build.
>
> But what I try then "not knowing too much about this system and all"
> is the following.
> I try to make openssl use the config file, I think, belongs to this
> build I'm using:
>
> openssl req -new -key www.domain.com.key -out www.domain.com.csr
> -config ../apps/openssl.cnf
>
> Then I get to fill out some info and after that I get this error:
>
> ** RSAPrivateEncrypt: Unable to find an RSAREF shared library
> (librsaref.so).
> ** Install the /usr/ports/security/rsaref port or package and run this
> ** program again. See Chapter 6.5 in the FreeBSD Handbook, located at
> ** http://www.freebsd.org/handbook/openssl.html, for more information.

Upgrade :)

> 63721:error:0D064077:asn1 encoding routines:a2d_ASN1_OBJECT:first num
> too large:
> /usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/a_object.c:104
> :
> 63721:error:0D064077:asn1 encoding routines:a2d_ASN1_OBJECT:first num
> too large:
> /usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/a_object.c:104
> :
> 63721:error:0D072006:asn1 encoding routines:ASN1_sign:bad get asn1
> object call:/
> usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/a_sign.c:126:
>
>
> In not so many words I have posted this problem before and people
> start asking me questions like why do you want to use this and
> and you shouldn't use that and so on.
>
> I really don't do things on purpose. I just try to follow guidelines
> like those of Thawte, VeriSign,
> or even those on the OpenSSL site.
>
> I hope if anyone can see through what's going on right here, and is
> willing to explain me in quite detail what to do
> to get further in the process of generating the appropriate files to
> secure some info being sent to my server back and forth.
>
> Sincerely,
>
> Dirk van der Giesen
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                          [EMAIL PROTECTED]
>

--
rgdz curly
-------------------- http://www.e-card.bg --------------------
PGP keyID: 0xC005C5CA
Key fingerprint = F3 46 26 21 8F F0 5E 19 5B B3 34 08 24 9E 71 13 C0 05 C5 CA
http://certs.e-card.bg:11371/pks/lookup?op=get&search=0xC005C5CA
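
The steps discussed in this thread, as an added example that is not part of either message: it writes a config with the `distinguished_name` section the error complains about, creates the key and CSR in a private directory instead of /usr/src, and checks that the CSR carries the key's public half. The host name www.example.com, the subject values and the file name req.cnf are constructed placeholders.

```sh
#!/bin/sh
# Added example: key and CSR in a private work directory, never under /usr/src.
# Host name, subject values and file names are constructed placeholders.

# Directory whose openssl.cnf this openssl binary reads by default.
default_conf_dir() {
    openssl version -d | sed 's/^OPENSSLDIR: "\(.*\)"$/\1/'
}

# make_csr WORKDIR HOST: write a config, a key and a CSR into WORKDIR.
make_csr() (
    workdir=$1 host=$2
    umask 077                        # private key readable by owner only
    mkdir -p "$workdir" || exit 1
    # [req] must point at a distinguished_name section, otherwise req stops
    # with "unable to find 'distinguished_name' in config".
    cat > "$workdir/req.cnf" <<EOF || exit 1
[ req ]
distinguished_name = req_dn
prompt = no

[ req_dn ]
C = NL
O = Example Org
CN = $host
EOF
    # 2048 bits here; the 1024 in the quoted message is too short today.
    openssl genrsa -out "$workdir/$host.key" 2048 2>/dev/null || exit 1
    # -config replaces whatever default location the binary would use.
    openssl req -new -config "$workdir/req.cnf" \
        -key "$workdir/$host.key" -out "$workdir/$host.csr" || exit 1
)

# check_keypair KEY CSR: print "match" when the CSR holds KEY's public half
# (same modulus and exponent), "mismatch" otherwise.
check_keypair() {
    from_key=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 1
    from_csr=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    if [ "$from_key" = "$from_csr" ]; then echo match; else echo mismatch; fi
}

demo_dir=$(mktemp -d) || exit 1
echo "default config directory: $(default_conf_dir)"
make_csr "$demo_dir" www.example.com &&
    check_keypair "$demo_dir/www.example.com.key" "$demo_dir/www.example.com.csr"
rm -rf "$demo_dir"
```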