I'm working on FreeBSD version 4.0.
If I look up where openssl.cnf is located, I find these
two builds:

/usr/local/ssl/openssl.cnf
/usr/src/crypto/openssl/apps/openssl.cnf

The first one is probably the one I built myself
before I knew OpenSSL was built with FreeBSD, which
I presume is the second one.

What I try to do is generate a private key and then a
certificate signing request.

I do this as supposed by the Thawte guide:
Securing Your Apache Web Server with a Thawte Digital
Certificate.

I go to the /usr/src/crypto/openssl/

This directory looks like this:

CHANGES         Makefile.org    config          include         ssl
CHANGES.SSLeay  Makefile.ssl    crypto          mt              test
Configure       NEWS            demos           openssl.doxy    times
FREEBSD-Xlist   README          dep             perl            tools
INSTALL         apps            doc             private.key     util
LICENSE         bugs            e_os.h          rsaref
Makefile        certs           e_os2.h         shlib

I go into the certs directory because I think this is
a nice place to keep my certificates and all.
In here I do ("Without encryption"):

openssl genrsa -out www.domain.com.key 1024

which seems to work nicely and generates my
www.domain.com.key file.

The next step should create a CSR that has the same
modulus as the private key:

openssl req -new -key www.domain.com.key -out www.domain.com.csr

First, when I do just the above, it has problems not
being able to find the config file.

Using configuration from /etc/ssl/openssl.cnf
Unable to load config info
unable to find 'distinguished_name' in config
problems making Certificate Request

The first thing that strikes me is that it's looking
for a config file in a place where it has never been
built.
I mean, I didn't do it and neither did FreeBSD, and I
certainly never deleted a build.

But what I try then, "not knowing too much about this
system and all", is the following.
I try to make openssl use the config file that, I think,
belongs to this build I'm using:

openssl req -new -key www.domain.com.key -out www.domain.com.csr -config ../apps/openssl.cnf

Then I get to fill out some info and after that I get
this error:

** RSAPrivateEncrypt: Unable to find an RSAREF shared library (librsaref.so).
** Install the /usr/ports/security/rsaref port or package and run this
** program again. See Chapter 6.5 in the FreeBSD Handbook, located at
** http://www.freebsd.org/handbook/openssl.html, for more information.
63721:error:0D064077:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/a_object.c:104:
63721:error:0D064077:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/a_object.c:104:
63721:error:0D072006:asn1 encoding routines:ASN1_sign:bad get asn1 object call:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/a_sign.c:126:


In not so many words I have posted this problem before,
and people start asking me questions like "why do you
want to use this" and "you shouldn't use that" and so on.

I really don't do things on purpose. I just try to
follow guidelines like those of Thawte, Verisign,
or even those on the OpenSSL site.

I hope anyone who can see through what's going on right
here is willing to explain to me in quite some detail what
to do
to get further in the process of generating the
appropriate files to secure some info being sent to my
server back and forth.

Sincerely,

Dirk van der Giesen
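
Added example (not part of the original post and not OpenSSL project code): the two steps from the post as a shell script that passes its own minimal config via -config and then confirms that the CSR carries the same modulus as the private key. The file name req.cnf, the subject values and the function names are constructed for illustration, and the key is 2048 bits rather than the post's 1024.

```shell
#!/bin/sh
# Added example: key + CSR with an explicit minimal config, then a modulus check.
# File names and subject values below are constructed placeholders.

# Write a minimal req config to $1. The [ req ] section must name a
# distinguished_name section, or "openssl req" stops with
# "unable to find 'distinguished_name' in config".
write_config() {
    cat > "$1" <<'EOF'
[ req ]
prompt             = no
distinguished_name = req_dn

[ req_dn ]
C  = NL
O  = Example Org
CN = www.domain.com
EOF
}

# Print a digest of the RSA modulus of a private key (key) or a CSR (csr).
modulus_digest() {
    case "$1" in
        key) openssl rsa -noout -modulus -in "$2" ;;
        csr) openssl req -noout -modulus -in "$2" ;;
    esac | openssl dgst -sha256
}

# Generate key and CSR in directory $1; succeed only if the CSR
# carries the same modulus as the private key.
make_and_check() {
    dir=$1
    write_config "$dir/req.cnf" || return 1
    # umask 077 keeps the unencrypted key readable by its owner only.
    ( umask 077; openssl genrsa -out "$dir/www.domain.com.key" 2048 ) 2>/dev/null || return 1
    openssl req -new -config "$dir/req.cnf" \
        -key "$dir/www.domain.com.key" -out "$dir/www.domain.com.csr" || return 1
    [ "$(modulus_digest key "$dir/www.domain.com.key")" = \
      "$(modulus_digest csr "$dir/www.domain.com.csr")" ]
}

work=$(mktemp -d) && make_and_check "$work" && echo "CSR matches key"
rm -rf "$work"
```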