I recently began developing a plugin that uses openssl
and while doing that I developed a set of certificates
that I could use (I used the steps detailed at
http://www.pseudonym.org/ssl/wwwj-index.html). These
certificates have since expired, so I have to generate
some more. I have followed the steps in the above web
page but the key certificate looks different this time
and is causing problems in my plugin. 
The old key file looked like this:
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQC554Ro+VH.....
-----END RSA PRIVATE KEY-----

The new one looks like this:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,65C2CF13E06D60D0

fk7ZGTzDNXmI/IZL/VG+3CUIjh......
-----END RSA PRIVATE KEY-----

The steps I used to create this new client key are:
openssl req -new -x509 -keyout ./private/cakey.pem \
    -out ./private/cacert.pem \
    -config /usr/src/crypto/openssl/apps/openssl.cnf

openssl req -new -keyout newkey.pem -out newreq.pem \
    -days 1000 \
    -config /usr/src/crypto/openssl/apps/openssl.cnf

cat newreq.pem newkey.pem > new.pem

openssl ca -policy policy_anything -out newcert.pem \
    -config /usr/src/crypto/openssl/apps/openssl.cnf \
    -infiles new.pem

When I try and use this new key in my plugin I get the
following error:
13822:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:277:
13822:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:451:
13822:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:missing asn1 eos:ssl_rsa.c:706:

The method that is throwing up this error is
SSL_CTX_use_PrivateKey_file(ctx, clientKeyFile,
SSL_FILETYPE_PEM) where clientKeyFile is
the path and filename of the client key.

Should I be using a different method to load this new
client key? Or is there more behind it? What would be
useful too is if someone could point out how to
generate a key like my original one (as a workaround).

Thanks in advance
Dermot Grace

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
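
The two key files in the message differ by the `Proc-Type: 4,ENCRYPTED` and `DEK-Info` headers, which mark the new key as passphrase-protected. As an added example (not part of the original post and not OpenSSL code), this C check classifies PEM text before it is passed to `SSL_CTX_use_PrivateKey_file`; `pem_key_state` and the `KEY_*` constants are hypothetical names, and the PKCS#8 `ENCRYPTED PRIVATE KEY` label check goes beyond the case shown in the post.

```c
#include <stdio.h>
#include <string.h>

enum { KEY_NOT_FOUND = -1, KEY_CLEAR = 0, KEY_ENCRYPTED = 1 };

/* Classify the first private-key block in PEM text. For the traditional
 * "Proc-Type: 4,ENCRYPTED" form the DEK-Info cipher name is copied into
 * cipher, which must be non-NULL with cap >= 1 (hypothetical helper). */
int pem_key_state(const char *pem, char *cipher, size_t cap)
{
    static const char tail[] = "PRIVATE KEY-----";
    const size_t tl = sizeof tail - 1;
    const char *p = pem;
    cipher[0] = '\0';
    while ((p = strstr(p, "-----BEGIN ")) != NULL) {
        const char *eol = strchr(p, '\n');
        if (!eol) break;                       /* truncated file */
        size_t len = (size_t)(eol - p);
        if (len && p[len - 1] == '\r') len--;  /* tolerate CRLF */
        if (len < tl || strncmp(p + len - tl, tail, tl) != 0) {
            p = eol + 1;                       /* e.g. a CERTIFICATE REQUEST block */
            continue;
        }
        /* PKCS#8 encrypted keys say so in the label itself. */
        if (strncmp(p, "-----BEGIN ENCRYPTED ", 21) == 0) return KEY_ENCRYPTED;
        const char *hdr = eol + 1;             /* traditional headers follow BEGIN */
        if (strncmp(hdr, "Proc-Type: 4,ENCRYPTED", 22) != 0) return KEY_CLEAR;
        const char *dek = strstr(hdr, "DEK-Info: ");
        if (dek) {                             /* copy "DES-EDE3-CBC" up to the IV */
            size_t n = strcspn(dek + 10, ",\r\n");
            if (n >= cap) n = cap - 1;
            memcpy(cipher, dek + 10, n);
            cipher[n] = '\0';
        }
        return KEY_ENCRYPTED;
    }
    return KEY_NOT_FOUND;
}

/* Key forms from the post, bodies truncated as in the original message. */
static const char OLD_KEY[] = "-----BEGIN RSA PRIVATE KEY-----\n"
    "MIICXgIBAAKBgQC554Ro+VH.....\n-----END RSA PRIVATE KEY-----\n";
static const char NEW_KEY[] = "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,65C2CF13E06D60D0\n\n"
    "fk7ZGTzDNXmI/IZL/VG+3CUIjh......\n-----END RSA PRIVATE KEY-----\n";

int main(void) {
    char c[32];
    int old_state = pem_key_state(OLD_KEY, c, sizeof c);
    printf("old=%d new=%d cipher=%s\n", old_state, pem_key_state(NEW_KEY, c, sizeof c), c);
    return 0;
}
```

A `KEY_ENCRYPTED` result means the loader has to supply the passphrase, for example through a callback registered with `SSL_CTX_set_default_passwd_cb`.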
