On Fri, Dec 30, 2011 at 12:09 AM, varoun p <[email protected]> wrote: > On Thu, Dec 29, 2011 at 10:58 PM, Philip Guenther <[email protected]> wrote: >> On Thu, 29 Dec 2011, varoun p wrote: >>> Currently on a VirtualBox VM hosted on a Mac OSX Lion: >>> $ uname -prsv >>> OpenBSD 5.0 GENERIC#43 Intel(R) Core(TM) i5-2415M CPU @ 2.30GHz >>> ("GenuineIntel" 686-class) >>> $ >>> >>> Creating a PEM encoded, self signed X.509 cert as follows: >>> $ openssl genrsa -out iam.key 1024 >>> $ openssl req -new -key iam.key -out iam.csr >>> $ openssl x509 -req -in iam.csr -signkey iam.key -out iam.pem >>> >>> When trying to upload this cert (iam.pem) for use with Amazon Web >>> Services, I get a malformed certificate error. >>> The same sequence of steps when run on Darwin (Darwin 11.0.0 Darwin >>> Kernel Version 11.0.0: Sat Jun 18 12:56:35 PDT 2011; >>> root:xnu-1699.22.73~1/RELEASE_X86_64 i386) or FreeBSD (FreeBSD >>> 8.2-RELEASE-p3 FreeBSD 8.2-RELEASE-p3 #0: Tue Sep 27 18:07:27 UTC 2011 >>> [email protected]:/usr/obj/usr/src/sys/GENERIC >>> i386) gives me a working cert that does not error out when trying to >>> use it with AWS. >> >> Since we don't all have access to Darwin and/or FreeBSD, what's the output >> of: >> openssl x509 -noout -text -in iam.pem >> >> for the unaccepted and accepted certs? >> >> >> Philip Guenther > > I created two certs, fbsd-iam.pem was created on a FreeBSD 8.2 host > and obsd-iam.pem was created on an OpenBSD 5.0 host. Both certs were > created using the same sequence of three commands listed earlier. The > cert fbsd-iam.pem was accepted while obsd-iam.pem was rejected with an > error that said 'Malformed certificate'. > > The requested output : > > sa-mac-varoun:cert-test varoun$ ls > fbsd-iam.pem obsd-iam.pem > sa-mac-varoun:cert-test varoun$ openssl x509 -noout -text -in fbsd-iam.pem > Certificate: > Data: > Version: 1 (0x0) > Serial Number: > eb:dc:97:63:8c:b1:ae:cc > Signature Algorithm: sha1WithRSAEncryption > Issuer: C=IN, ST=Karnataka, L=Bangalore, O=Directi, > OU=talk.to, CN=Varoun P/[email protected] > Validity > Not Before: Dec 29 18:20:19 2011 GMT > Not After : Jan 28 18:20:19 2012 GMT > Subject: C=IN, ST=Karnataka, L=Bangalore, O=Directi, > OU=talk.to, CN=Varoun P/[email protected] > Subject Public Key Info: > Public Key Algorithm: rsaEncryption > Public-Key: (1024 bit) > Modulus: > 00:bf:80:94:d4:b7:c4:42:d8:f3:ad:c0:1c:b7:f1: > 33:0f:f7:64:1b:22:68:70:14:0c:61:88:3d:20:47: > c6:10:97:c0:96:ce:ed:c9:96:41:f2:34:16:dd:15: > fb:ca:b2:ca:65:6f:50:68:f0:7b:34:30:ae:11:b9: > 43:33:99:f3:d4:d2:03:12:06:8c:85:6b:e9:97:fe: > 38:b6:e6:8a:39:c0:b6:33:92:3b:0c:ac:43:72:f2: > a2:bc:ba:d4:71:42:2c:da:40:28:1d:28:8f:a9:f2: > 54:db:f1:e3:2a:5e:f1:e4:2e:71:24:54:51:86:d6: > 3c:e6:9b:ec:a9:40:6b:67:25 > Exponent: 65537 (0x10001) > Signature Algorithm: sha1WithRSAEncryption > 54:0f:14:46:56:c3:f0:b7:85:aa:66:1c:3d:5e:b7:a1:b5:c0: > 3a:98:14:74:ef:6a:54:ad:d5:4b:c6:db:b6:2e:c8:a5:aa:1f: > 9d:db:33:c8:dd:46:81:9b:9d:73:b9:81:71:ac:0c:c6:d9:14: > 52:61:b7:6a:e0:62:87:72:98:26:a6:a0:15:3f:bc:4e:02:81: > 97:3a:86:6f:3c:a2:6f:9e:d8:9b:17:27:ef:af:e2:27:5a:18: > f0:a4:32:35:70:1c:23:16:34:e6:e1:48:09:e8:33:08:de:f2: > f5:57:25:a9:cf:1f:19:e5:4b:5d:57:6f:38:a7:76:98:53:46: > 3d:cc > sa-mac-varoun:cert-test varoun$ openssl x509 -noout -text -in obsd-iam.pem > Certificate: > Data: > Version: 1 (0x0) > Serial Number: > d9:da:50:80:12:fb:05:2e > Signature Algorithm: sha1WithRSAEncryption > Issuer: C=IN, ST=Karnataka, L=Bangalore, O=Directi, > OU=talk.to, CN=talk.to/[email protected] > Validity > Not Before: Dec 29 23:55:50 2011 GMT > Not After : Jan 28 23:55:50 2012 GMT > Subject: C=IN, ST=Karnataka, L=Bangalore, O=Directi, > OU=talk.to, CN=talk.to/[email protected] > Subject Public Key Info: > Public Key Algorithm: rsaEncryption > Public-Key: (1024 bit) > Modulus: > 00:ea:28:24:b2:19:96:fd:27:ac:3d:5c:b1:41:cd: > 68:0b:3d:17:40:b8:28:75:14:64:40:55:54:cc:dd: > 52:31:7a:c2:e1:65:9b:21:fc:32:7c:74:94:57:90: > b2:b8:e5:dd:f6:b7:b0:d6:87:b6:60:91:22:e7:bb: > 57:ce:10:0b:c8:f5:9b:d8:94:0b:bb:d9:df:f1:4c: > 6b:5a:10:b1:79:00:7e:9c:11:66:bf:7c:3b:2b:5f: > f9:f5:20:22:30:6e:f1:23:4a:a2:d3:16:38:80:d6: > d6:a6:e5:15:7b:bb:22:38:00:0b:9f:ef:c7:98:55: > 0b:c8:59:ab:60:0d:16:34:15 > Exponent: 65537 (0x10001) > Signature Algorithm: sha1WithRSAEncryption > 30:b5:f6:4c:cd:f3:67:e1:ec:31:8b:e2:72:ef:54:09:f8:52: > 4b:55:0b:30:1d:58:ba:db:a7:3b:cb:52:cd:d4:95:d2:2f:ca: > e5:45:33:e9:55:2e:d6:c6:2b:91:ca:ea:53:47:bf:ca:6d:45: > cf:c8:94:1d:1c:02:3e:2c:ce:79:c3:82:2d:bb:a5:08:a7:f3: > 79:34:ef:13:42:13:f8:3e:78:a8:38:72:75:4d:83:9e:a5:8b: > d2:5b:f3:99:4e:3f:72:25:c7:df:85:1b:12:9f:98:9b:6c:72: > 94:fd:cb:10:3a:ec:52:d6:bb:27:37:14:15:13:d3:ce:ab:07: > f4:7c > sa-mac-varoun:cert-test varoun$ > > > I've also attached both certs to this email. > > -- varoun
I just noticed that the clock on the OpenBSD host was off by a few hours: On FreeBSD: > date Fri Dec 30 00:12:54 IST 2011 > On OpenBSD: $ date Fri Dec 30 05:42:55 IST 2011 $ This may have been the problem, I'll investigate further. -- varoun
