Marek Marcola wrote:
> Change ssl.ca-file directive to vs_ca.pem.
>
IT WORKED! IT WORKED! HALLELUJAH IT WORKED!!
Thank you SO MUCH for your help! Now, I'll review our million messages
and try to make sense of them, and put together a how-to if that seems
appropriate.
Thanks again :))
beno
Hello,
> Wait! I misunderstood...
>
> server167# openssl verify -CAfile vs_root_ca.pem vs_inter_ca.pem
> vs_inter_ca.pem: OK
> server167# cat vs_root_ca.pem vs_inter_ca.pem > vs_ca.pem
> server167# openssl verify -CAfile vs_ca.pem mrtablecloth-vi.com.crt.pem
> mrtablecloth-vi.com.crt.pem: OK
> ser
Hello,
> > Then do first check:
> > $ openssl verify -CAfile vs_root_ca.pem vs_inter_ca.pem
> > vs_inter_ca.pem: OK
> >
> server167# openssl verify -CAfile vs_root_ca.pem vs_inter_ca.pem
> vs_inter_ca.pem: OK
> vs_inter_ca.pem: OK
> Error opening certificate file vs_inter_ca.pem:
> 8270:error:02
Wait! I misunderstood...
server167# openssl verify -CAfile vs_root_ca.pem vs_inter_ca.pem
vs_inter_ca.pem: OK
server167# cat vs_root_ca.pem vs_inter_ca.pem > vs_ca.pem
server167# openssl verify -CAfile vs_ca.pem mrtablecloth-vi.com.crt.pem
mrtablecloth-vi.com.crt.pem: OK
server167# /usr/local/sbi
Marek Marcola wrote:
> Great, save contents of this certificate (in window) to let's say
> vs_inter_ca.pem.
> Next download Root certificate from:
> http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html
> and save to let's say vs_root_ca.pem
>
Done.
> Then do
Hello,
> Then maybe my problem was at the start. I received an email from
> Verisign at the beginning telling me to load this trial CA cert from
> this page:
> http://www.verisign.com/support/verisign-intermediate-ca/trial-secure-server-intermediate/index.html
> Now, not knowing better (and still n
Marek Marcola wrote:
> You should get CA cert from Verisign (or something) which subject
> will equal to this issuer.
>
Then maybe my problem was at the start. I received an email from
Verisign at the beginning telling me to load this trial CA cert from
this page:
http://www.verisign.com/support
Hello,
> First, my correction...I got that error when I tried to install a
> CACert...I got the other error from the Verisign cert.
> I got no pem file from CACert. Verisign says I can test what they've
> given me and it should all work. The client wants to see that test work
> before they pay them
Marek Marcola wrote:
> I think you get this error because you specified in config file:
> ssl.ca-file="/etc/ssl/certs/mrtablecloth-vi.com.crt"
> This file should be PEM file from Verisign temporary CA,
> you should get it from Verisign, eventually convert to PEM
> save to file and point in th
Hello,
> I assume you mean substitute the current file for the one you sent. I
> did that and the command executed successfully :)
> However...
>
> server167# /usr/local/sbin/lighttpd -f /usr/ports/www/lighttpd/doc/lighttpd.conf
> 2006-11-14 16:55:06: (network.c.358) SSL: error::lib(0)
Marek Marcola wrote:
I assume you mean substitute the current file for the one you sent. I
did that and the command executed successfully :)
However...
server167# /usr/local/sbin/lighttpd -f /usr/ports/www/lighttpd/doc/lighttpd.conf
2006-11-14 16:55:06: (network.c.358) SSL: error::lib(0):
Hello,
> server167# openssl base64 -d -in private.key_BAK | openssl rsa -inform der > mrtablecloth-vi.com.crt.pem
> writing RSA key
ok
> server167# openssl base64 -d -in mrtablecloth-vi.com.crt | openssl x509 -inform der >> mrtablecloth-vi.com.crt.pem
> unable to load certificate
looks like bad
Marek Marcola wrote:
> My mistake, should be of course to mrtablecloth-vi.com.crt.com
I assume you mean *.pem, not *.com but at any rate the results were the
same :(
> Restore base64 encoded DER certificate to mrtablecloth-vi.com.crt
> and run this command again.
>
server167# openssl base64 -d -
Marek Marcola wrote:
> Use something like:
>
>
server167# openssl base64 -d -in private.key_BAK | openssl rsa -inform der > mrtablecloth-vi.com.crt
writing RSA key
server167# rm mrtablecloth-vi.com.crt.pem
server167# openssl base64 -d -in mrtablecloth-vi.com.crt | openssl x509 -inform der >> mrt
Hello,
>
> server167# openssl base64 -d -in mrtablecloth-vi.com.crt | openssl x509 -inform der > mrtablecloth-vi.com.crt.pem
>
> Clean, no complaints :)
> However...
>
> server167# /usr/local/sbin/lighttpd -f /usr/ports/www/lighttpd/doc/lighttpd.conf
> 2006-11-14 14:56:44: (network.c.377) SS
Hello,
> server167# openssl base64 -d -in private.key_BAK | openssl rsa -inform der > mrtablecloth-vi.com.crt
> writing RSA key
My mistake, should be of course to mrtablecloth-vi.com.crt.com
> server167# rm mrtablecloth-vi.com.crt.pem
Do not run this command now.
> server167# openssl base64 -d
Hello,
> server167# openssl base64 -d -in private.key_BAK | openssl rsa -inform der > mrtablecloth-vi.com.crt
> writing RSA key
My mistake, should be of course to mrtablecloth-vi.com.crt.pem
> server167# rm mrtablecloth-vi.com.crt.pem
Do not run this command now.
> server167# openssl base64 -d
Hello,
> > You should cat real PEM encoded cert and key.
> >
> I assume from what you write I should create a pem file out of the crt file:
>
> server167# openssl base64 -d -in mrtablecloth-vi.com.crt | openssl rsa -inform der > mrtablecloth-vi.com.crt.pem
>
> However, when I try that, I get
Hello,
> > You should convert your private key to PEM format too.
> > This error is probably because certificate is read as RSA key.
> > Convert both files to PEM (files with BEGIN header),
> > cat both files to one file and use in your configuration.
> >
> Same thing:
>
> server167# ls
>
Marek Marcola wrote:
> You should convert your private key to PEM format too.
> This error is probably because certificate is read as RSA key.
> Convert both files to PEM (files with BEGIN header),
> cat both files to one file and use in your configuration.
>
Same thing:
server167# ls
mrta
Marek Marcola wrote:
..
server167# openssl base64 -d -in mrtablecloth-vi.com.crt | openssl x509 -inform der > mrtablecloth-vi.com.crt.pem
Clean, no complaints :)
However...
server167# /usr/local/sbin/lighttpd -f /usr/ports/www/lighttpd/doc/lighttpd.conf
2006-11-14 14:56:44: (network.c.377) SSL:
Marek Marcola wrote:
> You should cat real PEM encoded cert and key.
>
I assume from what you write I should create a pem file out of the crt file:
server167# openssl base64 -d -in mrtablecloth-vi.com.crt | openssl rsa -inform der > mrtablecloth-vi.com.crt.pem
However, when I try that, I get t
Hello,
> Okay, I did everything you told me to do. First of all, the crt is a
> test crt and has been all along. That's how Verisign works these days.
> They give you a test cert until you pay them money.
>
> When I displayed the key, then converted it to pem format and displayed
> the converted
Marek Marcola wrote:
Okay, I did everything you told me to do. First of all, the crt is a
test crt and has been all along. That's how Verisign works these days.
They give you a test cert until you pay them money.
When I displayed the key, then converted it to pem format and displayed
the convert
Hello,
> > This file is not PEM format, after exporting certificate (under Windows)
> > from this file to PEM encoded certificate this looks readable under
> > Linux.
> >
> I'm afraid I don't understand what you mean. The file I sent was a *.crt
> file. What am I to do to get the file to work? He
Marek Marcola wrote:
> This file is not PEM format, after exporting certificate (under Windows)
> from this file to PEM encoded certificate this looks readable under
> Linux.
>
I'm afraid I don't understand what you mean. The file I sent was a *.crt
file. What am I to do to get the file to work?
Hello,
> >> server167# openssl rsa -in private.key -modulus -noout
> >> Modulus=E186578C9DC070364BCFABAF834D4FF85385E0F03B1398136361704E4359E5ABC97A2C8AB00580E9E2E6EA8EF8828009F46E5FD1331B90F8828373B3AC77B47FA4AAEAA50BF56AE721A92ED3A62E51F3ABB593099FA077845D38DDF1FB4FA52ADA06618CDD8AF7F739AEE331352
Hello,
> >>> - check if you have compatible cert and key:
> >>> $ openssl x509 -in mrtablecloth-vi.com.pem -modulus -noout
> >>>
> This gives same as above.
> > Of course you should change example file key.pem to your real
> > file private.key.
> >
> I wasn't sure, because what you use
Marek Marcola wrote:
>> server167# openssl x509 -in mrtablecloth-vi.com.pem -text -noout
>> unable to load certificate
>> 67298:error:0906D06C:PEM routines:PEM_read_bio:no start line:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/pem_lib.c:637:Expecting: TRUSTED CERTIFICATE
Hello,
> server167# ls
> mrtablecloth-vi.com.crt mrtablecloth-vi.com.csr mrtablecloth-vi.com.pem
> private.key
>
> > I suggest:
> > - check that certificate is readable with:
> > $ openssl x509 -in cert.pem -text -noout
> >
> server167# openssl x509 -in mrtablecloth-vi.com.pem -text -noout
Marek Marcola wrote:
First up...
server167# ls
mrtablecloth-vi.com.crt mrtablecloth-vi.com.csr mrtablecloth-vi.com.pem
private.key
> I suggest:
> - check that certificate is readable with:
> $ openssl x509 -in cert.pem -text -noout
>
server167# openssl x509 -in mrtablecloth-vi.com.pem
Hello,
> 2006-11-10 16:45:17: (network.c.377) SSL: Private key does not match the certificate public key, reason: error:0906D06C:PEM routines:PEM_read_bio:no start line /etc/ssl/certs/mrtablecloth.com.pem
>
> So, I deleted everything and tried again. Got the _same_ error. I know
> darn well I