Hi Samuel, On Wed, Mar 23, 2005, lists wrote: > I found this article online: http://www.linuxjournal.com/article/4822 and > thought I would use that as a starting point. So I compiled the > sourcecode and everything seemed to be going smoothly until I ran it. > > [EMAIL PROTECTED] example]$ ./wserver & > [1] 19517 > [EMAIL PROTECTED] example]$ ./wclient > Certificate doesn't verify > SSL read problem > > So it looks like the certificates that came with the demo > code were not working... :
yep, they are expired ... > =========================================== > Copy the new certificate over to server.pem and deleted the request. > =========================================== deleting the request was not so good as the request contains the private key. server.pem should contain the concatenation of the private key and the cert (see the original server.pem file) > > [EMAIL PROTECTED] example]$ mv newcert.pem server.pem > [EMAIL PROTECTED] example]$ rm newreq.pem > > ===================== > Did the same thing for client.pem > ===================== again without the private key > > [EMAIL PROTECTED] example]$ /etc/ssl/misc/CA.pl -newreq > [EMAIL PROTECTED] example]$ /etc/ssl/misc/CA.pl -sign > [EMAIL PROTECTED] example]$ mv newcert.pem client.pem > [EMAIL PROTECTED] example]$ rm newreq.pem > > > > Now is where things get a little fuzzy for me. I dont really know what > root.pem is, so I copied ./demoCA/cacerts.pem to root.pem ok > > [EMAIL PROTECTED] example]$ cp demoCA/cacert.pem root.pem > > And I dont really know what dh1024.pem is so I just used the one that came > with it... > > [EMAIL PROTECTED] example]$ cp old/dh1024.pem . > > Now when I run the server: > > [EMAIL PROTECTED] example]$ ./wserver > Can't read key file > 19549:error:0906D06C:PEM routines:PEM_read_bio:no start > line:pem_lib.c:637:Expecting: ANY PRIVATE KEY > 19549:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM > lib:ssl_rsa.c:709: yep, no private key present hence this error message Cheers, Nils -- Nils Larsch [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~nils/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
