Re: [twsocket] HTTP SSL Server vs p7b certificate's format

Thu, 06 Oct 2011 07:15:57 -0700 

If that doesn't help, use a TIcsLogger to get a full debug log
and send that to me if you don't find the error yourself.

So I tried a few things with ICS logger ON, but no answers.

First Delphi code to intialize TSSLContext :

        with MySslContext do
        begin
            SslCertFile    := APath + 'MyCertificate.pem';
            SslPassPhrase := '';
            SslPrivKeyFile := APath + 'MyCertificate.pem';
            SslCAFile := APath + 'MyCertificate.pem';
            SslCAPath := APath;
            SslVerifyPeer := False;
        end;

And ICS logger says :

15:57:49:896 InitCtx> OpenSSL version: OpenSSL 0.9.8h 28 May 2008
15:57:49:897 error:0906D06C:PEM routines:PEM_read_bio:no start line
error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

So I checked MyCertificate.pem and I've got 3 blocks :

subject=/C=FR/OU=Domain Control Validated/CN=*.mydomain.fr
issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - G2
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----

subject=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - G2
issuer=/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----

subject=/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
issuer=/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----


Then I changed my Delphi code to :

        with TWSslContext do
        begin
            SslCertFile    := APath + 'CanyonCA.pem';
            SslPassPhrase := '';
//            SslPrivKeyFile := APath + 'CanyonCA.pem';
            SslCAFile := APath + 'CanyonCA.pem';
            SslCAPath := APath;
            SslVerifyPeer := False;
        end;

And ICS logger says :

15:59:00:703 InitCtx> OpenSSL version: OpenSSL 0.9.8h 28 May 2008
In my self generated certificate, I'd got a RSA Priv key included, but none here. Did I configure my SSLcontext in the right way ? 

Gratefully,

Guillaume ROQUES
<http://www.canyon.fr/>

Le 20:59, Arno Garrels a écrit :

ROQUES Guillaume wrote:

   What client is connecting
when that error happens?

IE 7 to 9 or Firefox
But none ask to add certificate, both say that the site is
unreachable....sounds weird I know T_T

Have you tried newer OpenSSL libraries?
http://wiki.overbyte.be/wiki/index.php/ICS_Download

If that doesn't help, use a TIcsLogger to get a full debug log
and send that to me if you don't find the error yourself.


--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to