On Thu, Jan 12, 2006, Mark wrote: > Samy, > > > Interesting ! > > I just tested with a newly created certificate request > > (newreq.pem) and it goes fine with 'rsa'command ! my version > > is 0.9.7g. Does this an issue with the version ? > > If someone knows please let us know... > > > > I also given below the snapshot(edited) .. > > > > -Samy > > > > > CA.pl -newreq > > > > Generating a 1024 bit RSA private key > > ....................................................++++++ > > .++++++ > > writing new private key to 'newreq.pem' > -- snip -- > > Ah! CA.pl must also write the private key to the certificate request. > However this is not necessary (only the public key and some extra info > need to be there). Our set-up does not include the private key in the > CSR. I guess the OP has done the same. >
The CSR is the part including: -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- The private key is that between: -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- If the file doesn't contain the lines for the private key then the 'rsa' command wont work with the "no start line" error. It is possible to write them to the same *file* but not to "include the private key in the CSR". Older versions of the CA.pl script did do that but newer ones write the private key to a separate file. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
