I have test platform that contains everything necessary to compile and
configure aolserver, nsopenssl, ssldump in a self-contained area to test
in. If you can't get it working and you want to try out the test suite,
I'll let you know how to download.
/s.
> The keyfile was decrypted before I created the CSR. The server dies
> trying to load the signed (by me) certificate, even though:
>
> openssl x509 -noout -text -in certfile.pem
>
> Reguritates out the cert information O.K. I guess I failed to mention
> I'm using nsopenssl 1.1
>
> I must have an older version of OpenSSL, since the OPENSSL_free stub
> isn't there. I'll try and upgrade OpenSSL and try again.
>
> Scott Goodwin wrote:
> >
> > Make sure your private key is not passphrase-protected; if it is, it'll
> > fail to be loaded by the server. You can use openssl to take the
passphrase
> > off, but make sure you lock up this file so that only the server can
read
> > it (root will also be able to read it, obviously):
> >
> > openssl rsa -in key1.pem -out key2.pem
> >
> > The latest version is nsopenssl-1.1 and is available at
http://scottg.net.
> >
> > You'll want to use this version, and it requires OpenSSL 0.9.6 or higher
> > (though I haven't tested with 0.9.6a yet).
> >
> > /s.
> >
> > > O.K,
> > >
> > > With a little Makefile and source hacking I got nsopenssl.so to
> > > build. (OPENSSL_free isn't in my version of OpenSSL, was it added
> > > later? [tclcmds.c])
> > >
> > > Now my problem is that the module fails to load the certfile.pem. I
> > > created my own self-signed certificate using openssl, and from what I
> > > can tell it looks O.K. Has anyone tryed this before? I just think
> > > I'm missing something that my brain can't figure out. :-)
> > >
> > > P.S.
> > > The cert was generated from an unencrypted 3DES 1024-bit key if that
> > > helps any.
> > >
> > > "Daniel P. Stasinski" wrote:
> > > >
> > > > > I was wondering if there was anything in the works to port
> > > > > nsssl from BSAFE to OpenSSL? It appears that getting
> > > > > your hands on BSAFE would be the first problem.
> > > >
> > > > Try nsopenssl at:
> > > >
> > > > http://scottg.net/webtools/opennsd/modules/nsopenssl/
> > > >
> > > > Daniel P. Stasinski
> > > > http://www.disabilities-r-us.com
> > > > [EMAIL PROTECTED]
> > >
> > >
>
>
>
>
>
>
>
>
