I am trying to get my copy of pure-ftpd running with a signed
certificate and having a horrible time.
I had to send them a CSR, so I did the following:

    openssl genrsa -des3 -out ftp.mydomain.com.key 1024
    openssl req -new -key ftp.mydomain.com.key -out ftp.mydomain.com.csr

I got the key signed from GoDaddy (it was cheap, anyone have any ideas
on their service?) (also they use an intermediate key, does everyone
now? I don't even know if pureftpd can use an intermediate key) and so I
put the necessary files on my ftp machine and fired it up. There is a
problem however, I see this in the log:
Oct 31 17:19:33 ftp pure-ftpd: ([EMAIL PROTECTED]) [ERROR] SSL/TLS
[/etc/pure/private/pure-ftpd.pem]: error:0906406D:PEM
routines:DEF_CALLBACK:problems getting password
I assume since I used des3 generating the key, that is why it's looking
for a password. For SSL-enabled web and ftp servers is it commonplace
to create the private key without encryption? Does anyone have an idea
about this error?
I was also wondering, if I were to do the same as above only include the
--passout file:/some/directory/path/file like such:

    openssl genrsa -passout file:/etc/pure/pasfile -des3 -out ftp.mydomain.com.key 1024

that generates the key just fine without me having to type in the
password, but does the key then know to read from that file as well when
it's being used? If so, would that also mean that when pureftpd is
looking for the password, the password file is hardcoded somehow into
the key and it would be found? I would just try these things, but of
course I have to go through the whole process of generating a new CSR
and getting new keys every time I do that from GoDaddy.
Thanks in advance.
Aaron
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
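
Added example, not part of the original message: a local check of how `-passout` behaves and what removing the passphrase changes. It shows that the key file stores no reference to the password file, that a reader with no passphrase fails to load the key, and that the public key (and therefore any CSR or certificate issued for it) is unchanged after stripping. The file names, the passphrase, the 2048-bit size and `-aes256` are constructed for the example; the passphrase handling is the same with `-des3`.

```shell
#!/bin/sh
# Added example: file names and the passphrase below are constructed.

# Exit 0 if the PEM private key is passphrase-protected. Matches both the
# traditional "Proc-Type: 4,ENCRYPTED" header and PKCS#8 "ENCRYPTED PRIVATE KEY".
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# Exit 0 if the key loads when no usable passphrase is supplied, which is
# the position a daemon is in when it cannot prompt.
loads_without_passphrase() {
    openssl rsa -in "$1" -passin pass: -noout </dev/null >/dev/null 2>&1
}

# SHA-256 of the DER public key; $2 is a -passin argument such as file:PATH.
pubkey_digest() {
    openssl rsa -in "$1" -passin "$2" -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Write an unencrypted copy of key $1 (passphrase in file $2) to $3.
strip_passphrase() {
    ( umask 077 && openssl rsa -in "$1" -passin "file:$2" -out "$3" 2>/dev/null )
}

demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'constructed-passphrase' > "$d/passfile"
    # -passout is consumed only here, while the key is being written.
    openssl genrsa -aes256 -passout "file:$d/passfile" -out "$d/enc.key" 2048 2>/dev/null || return 1
    key_is_encrypted "$d/enc.key" && echo "enc.key: encrypted"
    grep -q "$d/passfile" "$d/enc.key" || echo "enc.key: no reference to the password file"
    loads_without_passphrase "$d/enc.key" || echo "enc.key: load without passphrase fails"
    strip_passphrase "$d/enc.key" "$d/passfile" "$d/plain.key" || return 1
    loads_without_passphrase "$d/plain.key" && echo "plain.key: loads without passphrase"
    # Same public key before and after, so a CSR or certificate issued for
    # enc.key still matches plain.key.
    [ "$(pubkey_digest "$d/enc.key" "file:$d/passfile")" = "$(pubkey_digest "$d/plain.key" pass:)" ] &&
        echo "public key unchanged"
    rm -rf "$d"
}
demo
```

The unencrypted copy is protected only by file permissions, so it should stay readable by the service account alone.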