Scott Goodwin wrote:
>
> I have test platform that contains everything necessary to compile and
> configure aolserver, nsopenssl, ssldump in a self-contained area to test
> in. If you can't get it working and you want to try out the test suite,
> I'll let you know how to download.
>
> /s.
>
> > The keyfile was decrypted before I created the CSR. The server dies
> > trying to load the signed (by me) certificate, even though:
> >
> > openssl x509 -noout -text -in certfile.pem
> >
> > Reguritates out the cert information O.K. I guess I failed to mention
> > I'm using nsopenssl 1.1
> >
> > I must have an older version of OpenSSL, since the OPENSSL_free stub
> > isn't there. I'll try and upgrade OpenSSL and try again.
> >
> > Scott Goodwin wrote:
> > >
> > > Make sure your private key is not passphrase-protected; if it is, it'll
> > > fail to be loaded by the server. You can use openssl to take the
> passphrase
> > > off, but make sure you lock up this file so that only the server can
> read
> > > it (root will also be able to read it, obviously):
> > >
> > > openssl rsa -in key1.pem -out key2.pem
> > >
> > > The latest version is nsopenssl-1.1 and is available at
> http://scottg.net.
> > >
> > > You'll want to use this version, and it requires OpenSSL 0.9.6 or higher
> > > (though I haven't tested with 0.9.6a yet).
I'll try again with 0.9.6a and let you know how it goes. Hopefully
it's backwards-compatible. :-)
> > >
> > > /s.
> > >
> > > > O.K,
> > > >
> > > > With a little Makefile and source hacking I got nsopenssl.so to
> > > > build. (OPENSSL_free isn't in my version of OpenSSL, was it added
> > > > later? [tclcmds.c])
> > > >
> > > > Now my problem is that the module fails to load the certfile.pem. I
> > > > created my own self-signed certificate using openssl, and from what I
> > > > can tell it looks O.K. Has anyone tryed this before? I just think
> > > > I'm missing something that my brain can't figure out. :-)
> > > >
> > > > P.S.
> > > > The cert was generated from an unencrypted 3DES 1024-bit key if that
> > > > helps any.
> > > >
> > > > "Daniel P. Stasinski" wrote:
> > > > >
> > > > > > I was wondering if there was anything in the works to port
> > > > > > nsssl from BSAFE to OpenSSL? It appears that getting
> > > > > > your hands on BSAFE would be the first problem.
> > > > >
> > > > > Try nsopenssl at:
> > > > >
> > > > > http://scottg.net/webtools/opennsd/modules/nsopenssl/
> > > > >
> > > > > Daniel P. Stasinski
> > > > > http://www.disabilities-r-us.com
> > > > > [EMAIL PROTECTED]
> > > >
> > > >
> >
> >
> >
> >
> >
> >
> >
> >
