Which is why I'm not going to bother to put the code in nsopenssl to ask
for the passphrase. I'll probably add a message in the error log telling
the user that the private key may be pass-phrase protected and how to tell
if it is and how to take off the pass-phrase.

/s.



> I've always wondered why servers bother to encrypt the private key.  The
> passphrase is right there in the server configuration so why bother?
>
> Kris
>
>
> > -----Original Message-----
> > From: AOLserver Discussion [mailto:[EMAIL PROTECTED]]On Behalf
> > Of Scott Goodwin
> > Sent: Mon, 05-14-01 02:40p
> > To: [EMAIL PROTECTED]
> > Subject: Re: [AOLSERVER] nsssl -> openssl ?
> >
> >
> > Make sure your private key is not passphrase-protected; if it is, it'll
> > fail to be loaded by the server. You can use openssl to take the
> > passphrase off, but make sure you lock up this file so that only the
> > server can read it (root will also be able to read it, obviously):
> >
> >
> > openssl rsa -in key1.pem -out key2.pem
> >
> >
> > The latest version is nsopenssl-1.1 and is available at http://scottg.net.
> >
> > You'll want to use this version, and it requires OpenSSL 0.9.6 or higher
> > (though I haven't tested with 0.9.6a yet).
> >
> > /s.
> >
> >
> > > O.K,
> > >
> > > With a little Makefile and source hacking I got nsopenssl.so to
> > > build.  (OPENSSL_free isn't in my version of OpenSSL, was it added
> > > later? [tclcmds.c])
> > >
> > > Now my problem is that the module fails to load the certfile.pem.  I
> > > created my own self-signed certificate using openssl, and from what I
> > > can tell it looks O.K.  Has anyone tried this before?  I just think
> > > I'm missing something that my brain can't figure out. :-)
> > >
> > > P.S.
> > > The cert was generated from an unencrypted 3DES 1024-bit key if that
> > > helps any.
> > >
> > > "Daniel P. Stasinski" wrote:
> > > >
> > > >  > I was wondering if there was anything in the works to port
> > > >  > nsssl from BSAFE to OpenSSL?  It appears that getting
> > > >  > your hands on BSAFE would be the first problem.
> > > >
> > > > Try nsopenssl at:
> > > >
> > > >     http://scottg.net/webtools/opennsd/modules/nsopenssl/
> > > >
> > > > Daniel P. Stasinski
> > > > http://www.disabilities-r-us.com
> > > > [EMAIL PROTECTED]
> > >
> > >
> >
>
>
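
Added example, not part of the original thread and not nsopenssl code: one way to tell whether a PEM private key is passphrase-protected and, once the passphrase is off, whether the file is locked down to its owner. The function names are hypothetical; it assumes PEM-format keys and a POSIX shell with `grep -E` and `ls`.

```shell
#!/bin/sh
# Added example: classify PEM private keys and check their file permissions.

# key_status FILE -> prints: encrypted | plaintext | unknown
key_status() {
    # Traditional PEM keys flag encryption with a "Proc-Type: 4,ENCRYPTED"
    # header; PKCS#8 keys use a distinct BEGIN line instead.
    if grep -Eq -e '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"; then
        echo encrypted
    elif grep -Eq -e '^-----BEGIN ((RSA|DSA|EC) )?PRIVATE KEY-----' "$1"; then
        echo plaintext
    else
        echo unknown
    fi
}

# key_perms_ok FILE -> succeeds only if group and other have no access bits
key_perms_ok() {
    # Characters 5-10 of the ls mode string are the group/other bits.
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# audit_key FILE -> prints a finding; returns 0 only for a loadable, locked key
audit_key() {
    case $(key_status "$1") in
        encrypted)
            echo "$1: passphrase-protected, the server will fail to load it"
            return 1 ;;
        plaintext)
            if key_perms_ok "$1"; then
                echo "$1: no passphrase, readable by owner only"
                return 0
            fi
            echo "$1: no passphrase and readable beyond the owner (chmod 600)"
            return 1 ;;
        *)
            echo "$1: no PEM private key found"
            return 1 ;;
    esac
}

# Audit every file named on the command line.
for f in "$@"; do
    audit_key "$f"
done
```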
