On Fri, Sep 12, 2014 at 04:31:13AM -0400, Dave Thompson wrote: > *If* you are now using a legacy-format encrypted private-key (and your > original > > error message suggested you might need some form of private key, which does > > necessarily mean legacy-format encrypted) yes 76 chars is a problem.
That said, it seems more likely that the real issue is that client code should be attempting to employ a client certificate file. The OP provided a file with no client private key (there is none), and the software complains since no private key of any kind is found. The client key file should be initialized to NULL. Separately the client may need to specify trust anchors so that server validation succeeds. However, when it comes to X.509 PKI, the OP may be "in a maze of twisty little passages, all alike". I don't know how to bridge the gulf. Some sort of tutorial may be the a start. Any recommendations of a gentle introduction to X.509 certificates, keys, trust anchors, ... for operators and developers? -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org