Hi All, I am working on my first openssl program and it is driving me a tad crazy.
I found this article online: http://www.linuxjournal.com/article/4822 and thought I would use that as a starting point. So I compiled the source code and everything seemed to be going smoothly until I ran it.

[EMAIL PROTECTED] example]$ ./wserver &
[1] 19517
[EMAIL PROTECTED] example]$ ./wclient
Certificate doesn't verify
SSL read problem

So it looks like the certificates that came with the demo code were not working... so I did:

======================
Backed up the example certificates
======================
[EMAIL PROTECTED] example]$ mkdir old
[EMAIL PROTECTED] example]$ mv *.pem ./old

=====================
Create a new certificate authority
=====================
[EMAIL PROTECTED] example]$ /etc/ssl/misc/CA.pl -newca
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
...++++++
............++++++
writing new private key to './demoCA/private/cakey.pem'
<SNIP>

====================
Create a new certificate request
====================
[EMAIL PROTECTED] example]$ /etc/ssl/misc/CA.pl -newreq
Generating a 1024 bit RSA private key
.........++++++
...++++++
writing new private key to 'newreq.pem'
<SNIP>
Request (and private key) is in newreq.pem

====================
Signed the request
====================
[EMAIL PROTECTED] example]$ /etc/ssl/misc/CA.pl -sign
Using configuration from /etc/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
<SNIP>
Certificate is to be certified until Mar 23 11:25:05 2006 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Signed certificate is in newcert.pem

===========================================
Copied the new certificate over to server.pem and deleted the request.
===========================================
[EMAIL PROTECTED] example]$ mv newcert.pem server.pem
[EMAIL PROTECTED] example]$ rm newreq.pem

=====================
Did the same thing for client.pem
=====================
[EMAIL PROTECTED] example]$ /etc/ssl/misc/CA.pl -newreq
[EMAIL PROTECTED] example]$ /etc/ssl/misc/CA.pl -sign
[EMAIL PROTECTED] example]$ mv newcert.pem client.pem
[EMAIL PROTECTED] example]$ rm newreq.pem

Now is where things get a little fuzzy for me. I don't really know what root.pem is, so I copied ./demoCA/cacerts.pem to root.pem

[EMAIL PROTECTED] example]$ cp demoCA/cacert.pem root.pem

And I don't really know what dh1024.pem is so I just used the one that came with it...

[EMAIL PROTECTED] example]$ cp old/dh1024.pem .

Now when I run the server:

[EMAIL PROTECTED] example]$ ./wserver
Can't read key file
19549:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:637:Expecting: ANY PRIVATE KEY
19549:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:709:

So it looks like I have taken a giant step backwards..... :/

If anyone can give me a hand or some helpful tips I would be very grateful.

Thank you,
Samuel Winchenbach
University of Maine
Electrical Engineering

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
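
The `no start line ... Expecting: ANY PRIVATE KEY` error from `SSL_CTX_use_PrivateKey_file` means the file being read contains no private-key PEM block; the CA.pl output above places the private key in newreq.pem and only the signed certificate in newcert.pem. The following check is an added example, not part of the original post: it lists the PEM block types in a file and reports whether a certificate and a private key are both present. The function names are hypothetical, the sample files are constructed placeholders, and it assumes wserver expects both blocks in server.pem.

```shell
#!/bin/sh
# Added example: inspect which PEM blocks a file contains before handing it
# to a TLS server. Function names are hypothetical.

# Print the label of every "-----BEGIN <label>-----" line, one per line.
# CR characters are stripped so files with DOS line endings are handled.
pem_labels() {
    tr -d '\r' < "$1" | sed -n 's/^-----BEGIN \(.*\)-----$/\1/p'
}

# Return 0 if the file holds a certificate and a private key block;
# otherwise report what is missing and return 1.
pem_check_keyfile() {
    labels=$(pem_labels "$1")
    missing=""
    # "CERTIFICATE REQUEST" must not count as a certificate.
    printf '%s\n' "$labels" | grep -q '^CERTIFICATE$' \
        || missing="certificate"
    # Matches PRIVATE KEY, RSA PRIVATE KEY, ENCRYPTED PRIVATE KEY, ...
    printf '%s\n' "$labels" | grep -q 'PRIVATE KEY$' \
        || missing="${missing:+$missing, }private key"
    if [ -n "$missing" ]; then
        echo "$1: missing $missing"
        return 1
    fi
    echo "$1: ok"
}

# Constructed sample files (placeholder bodies, not real keys or certificates).
demo_dir=$(mktemp -d)
body='Q09OU1RSVUNURUQ='
# Shape of newcert.pem after signing: certificate only.
printf '%s\n' '-----BEGIN CERTIFICATE-----' "$body" \
    '-----END CERTIFICATE-----' > "$demo_dir/cert-only.pem"
# Shape of newreq.pem: private key plus certificate request.
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' "$body" \
    '-----END RSA PRIVATE KEY-----' \
    '-----BEGIN CERTIFICATE REQUEST-----' "$body" \
    '-----END CERTIFICATE REQUEST-----' > "$demo_dir/newreq-like.pem"
# Certificate followed by the private key taken from the request file.
{ cat "$demo_dir/cert-only.pem"
  sed -n '1,3p' "$demo_dir/newreq-like.pem"; } > "$demo_dir/combined.pem"

for f in cert-only newreq-like combined; do
    pem_check_keyfile "$demo_dir/$f.pem" || true
done
```

Pointed at the real server.pem and client.pem, the same check shows whether the private key survived the `mv` and `rm` steps.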