The keyfile was decrypted before I created the CSR. The server dies
trying to load the signed (by me) certificate, even though:
openssl x509 -noout -text -in certfile.pem
Reguritates out the cert information O.K. I guess I failed to mention
I'm using nsopenssl 1.1
I must have an older version of OpenSSL, since the OPENSSL_free stub
isn't there. I'll try and upgrade OpenSSL and try again.
Scott Goodwin wrote:
>
> Make sure your private key is not passphrase-protected; if it is, it'll
> fail to be loaded by the server. You can use openssl to take the passphrase
> off, but make sure you lock up this file so that only the server can read
> it (root will also be able to read it, obviously):
>
> openssl rsa -in key1.pem -out key2.pem
>
> The latest version is nsopenssl-1.1 and is available at http://scottg.net.
>
> You'll want to use this version, and it requires OpenSSL 0.9.6 or higher
> (though I haven't tested with 0.9.6a yet).
>
> /s.
>
> > O.K,
> >
> > With a little Makefile and source hacking I got nsopenssl.so to
> > build. (OPENSSL_free isn't in my version of OpenSSL, was it added
> > later? [tclcmds.c])
> >
> > Now my problem is that the module fails to load the certfile.pem. I
> > created my own self-signed certificate using openssl, and from what I
> > can tell it looks O.K. Has anyone tryed this before? I just think
> > I'm missing something that my brain can't figure out. :-)
> >
> > P.S.
> > The cert was generated from an unencrypted 3DES 1024-bit key if that
> > helps any.
> >
> > "Daniel P. Stasinski" wrote:
> > >
> > > > I was wondering if there was anything in the works to port
> > > > nsssl from BSAFE to OpenSSL? It appears that getting
> > > > your hands on BSAFE would be the first problem.
> > >
> > > Try nsopenssl at:
> > >
> > > http://scottg.net/webtools/opennsd/modules/nsopenssl/
> > >
> > > Daniel P. Stasinski
> > > http://www.disabilities-r-us.com
> > > [EMAIL PROTECTED]
> >
> >
