On Fri, Sep 12, 2014 at 04:31:13AM -0400, Dave Thompson wrote:
> *If* you are now using a legacy-format encrypted private-key (and your
> original
>
> error message suggested you might need some form of private key, which does
>
> necessarily mean legacy-format encrypted) yes 76 chars is a problem.
That said, it seems more likely that the real issue is that client
code should be attempting to employ a client certificate file.
The OP provided a file with no client private key (there is none),
and the software complains since no private key of any kind is
found.
The client key file should be initialized to NULL. Separately
the client may need to specify trust anchors so that server
validation succeeds.
However, when it comes to X.509 PKI, the OP may be "in a maze of
twisty little passages, all alike". I don't know how to bridge
the gulf. Some sort of tutorial may be the a start. Any
recommendations of a gentle introduction to X.509 certificates,
keys, trust anchors, ... for operators and developers?
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
