Hello,

I'm trying to build openssl keys to be used in a client/server connection and need a step-by-step guide for this, as I'm doing it for the first time. I found and started with the following procedure:

http://acs.lbl.gov/~boverhof/openssl_certs.html

Generating Client/Server certificates with a local CA

Generate a CA

1) openssl req -out ca.pem -new -x509
   -generates CA file "ca.pem" and CA key "privkey.pem"

Generate server certificate/key pair - no password required.

2) openssl genrsa -out server.key 1024
3) openssl req -key server.key -new -out server.req
4) openssl x509 -req -in server.req -CA ca.pem -CAkey privkey.pem -CAserial file.srl -out server.pem
   (contents of "file.srl" is a two digit number. eg. "00")

Generate client certificate/key pair

5) Either choose to encrypt the key(a) or not(b)
   a. Encrypt the client key with a passphrase
      openssl genrsa -des3 -out client.key 1024
   b. Don't encrypt the client key (I used this)
      openssl genrsa -out client.key 1024
6) openssl req -key client.key -new -out client.req
7) openssl x509 -req -in client.req -CA ca.pem -CAkey privkey.pem -CAserial file.srl -out client.pem

Then I copy over the files client.pem and server.pem to the example software (openssl-examples-20020110):

$ cp server.pem client.pem openssl-examples-20020110
$ cd openssl-examples-20020110

but the server can't understand the file server.pem:

$ ./wserver
Can't read key file
4783:error:0906D06C:PEM routines:PEM_read_bio:no start line:/usr/home/guru/myThings/FreeBSD/9-CURRENT/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/pem_lib.c:650:Expecting: ANY PRIVATE KEY
4783:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:/usr/home/guru/myThings/FreeBSD/9-CURRENT/src/secure/lib/libssl/../../../crypto/openssl/ssl/ssl_rsa.c:669:

$ cat server.pem
-----BEGIN CERTIFICATE-----
MIIB+TCCAWICAQMwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
ZDAeFw0xMjA3MjExNTM0MTZaFw0xMjA4MjAxNTM0MTZaMEUxCzAJBgNVBAYTAkFV
MRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRz
IFB0eSBMdGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMSYH6rEOJHR86gi
IvkPlWIFTSjAdxw/M/RWiRVSF7nPyDrdjfZ6T6uCGu+gax72SOt3uGCGKKtWa58z
1R9EVvU5OhJNUDXU72yFAKpcAH04ysdf2eNyInMbj+s+DYNukrVofTnrkqjAq2YS
0fOQmH2LbmjKTn4Ia9d9iEFXvR4/AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAT3Vm
EonQgYTwnktQMeRi7Uo40IYVXd3rNHeJFobVszP7ladNtBdjRAhD+03rbXBahxDA
IGo68N8LdS5wxdUjQizmyTCsBJI2oTpQeSkZ0BrDExs8NCz8OzhskdMdgRw3JUXD
tM6F1CUQbvpelHg9Yg3ILA5a4LE+nH774SyL+cE=
-----END CERTIFICATE-----

Perhaps something is wrong with the way used to generate the keys, but what? I checked the few *.txt files in http://www.openssl.org/docs/HOWTO/ and they seem to be useful, but the file certificates.txt makes, at the critical point, a reference to "...another HOWTO <formats.txt?>" which is not there :-(

Thanks

matthias

-- 
Matthias Apitz
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e <g...@unixarea.de> - w http://www.unixarea.de/
UNIX since V7 on PDP-11 | UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2 | FreeBSD since 2.2.5
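The error above is raised by SSL_CTX_use_PrivateKey_file ("Expecting: ANY PRIVATE KEY") while the `cat server.pem` output shows only a CERTIFICATE block, so the following added example (not part of the original post and not OpenSSL project code) reports which PEM block types a file holds before it is handed to a server. The function names `pem_labels` and `pem_kind`, the file name `server-combined.pem` and the sample files with placeholder bodies are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report which PEM block types a file contains, so a
# certificate-only file is caught before a TLS server tries to load it
# as its key file.

# pem_labels FILE: print the label of each "-----BEGIN <label>-----" line.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# pem_kind FILE: print "key=yes|no cert=yes|no".
# Any label ending in "PRIVATE KEY" counts as a key (RSA PRIVATE KEY,
# PRIVATE KEY, ENCRYPTED PRIVATE KEY, ...).
pem_kind() {
    key=no
    cert=no
    if pem_labels "$1" | grep -q 'PRIVATE KEY$'; then key=yes; fi
    if pem_labels "$1" | grep -qx 'CERTIFICATE'; then cert=yes; fi
    echo "key=$key cert=$cert"
}

# --- constructed sample files; bodies are placeholders, not real keys ---
umask 077                      # key material must not be world-readable
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT

# Shape of the output of step 4 (openssl x509 -req ... -out server.pem):
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo/server.pem"
# Shape of the output of step 2 (openssl genrsa -out server.key 1024):
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END RSA PRIVATE KEY-----' > "$demo/server.key"

# A program that loads key and certificate from one file needs both blocks:
cat "$demo/server.key" "$demo/server.pem" > "$demo/server-combined.pem"

for f in server.pem server.key server-combined.pem; do
    printf '%-22s %s\n' "$f" "$(pem_kind "$demo/$f")"
done
```

Run against the real files from the procedure, `pem_kind server.pem` shows whether the private key from `server.key` still has to be supplied alongside the certificate.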