Re: [CalendarServer-users] Exception thrown when using chained certificates

Thu, 04 Apr 2013 22:19:35 -0700 

On Apr 3, 2013, at 1:15 , Glyph wrote:
> OK, Nikola, I can't seem to reproduce your issue myself.  If you have any 
> other information that you think is germane, please let me know.  Can you 
> load the certificate with OpenSSL?  Can you point another web server at it - 
> not caldavd - and speak to clients with it?


Hi Glyph,

I also tried the certificates with Apache - it works. However, when starting 
Apache, I was prompted for caldav-server.key's password. Maybe that is causing 
problems for twisted? If so, how could I create a passwordless key, if possible?


OpenSSL correctly verifies the certificate:

/tmp/keys % openssl verify -verbose -CAfile chain.crt -purpose sslserver 
caldav-server.crt
caldav-server.crt: OK

/tmp/keys % perl -n0777e 'map { print "---\n"; open(CMD, "| openssl x509 -noout 
-subject -issuer");
quote> print CMD; close(CMD) } /^-----BEGIN.*?^-----END.*?\n/gsm' chain.crt
---
subject= /C=CH/ST=X/O=Nikola/CN=caldav-server
issuer= /C=CH/ST=X/O=Nikola/CN=Intermediate CA
---
subject= /C=CH/ST=X/O=Nikola/CN=Intermediate CA
issuer= /C=CH/ST=X/O=Nikola/CN=Root CA
---
subject= /C=CH/ST=X/O=Nikola/CN=Root CA
issuer= /C=CH/ST=X/O=Nikola/CN=Root CA


/tmp/keys % % openssl x509 -noout -text -in caldav-server.crt
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CH, ST=X, O=Nikola, CN=Intermediate CA
        Validity
            Not Before: Mar 29 18:43:21 2013 GMT
            Not After : Mar 28 18:43:21 2016 GMT
        Subject: C=CH, ST=X, O=Nikola, CN=caldav-server
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    xx
                Exponent: yy
    Signature Algorithm: sha1WithRSAEncryption
        uu


If it may help, these are python modules running on my system:
% pip list
Calendar-and-Contacts-Server (4.2.-r10865M-)
distribute (0.6.35)
kerberos (1.1.1)
opendirectory (1.0)
psutil (0.6.1)
pyasn1 (0.1.6)
pyasn1-modules (0.0.4)
pycalendar (2.0)
pycrypto (2.6)
pycrypto-on-pypi (2.3)
pydoctor (0.5b1)
PyGreSQL (4.1.1)
pyOpenSSL (0.13)
python-dateutil (2.1)
python-ldap (2.4.10)
pytz (2013b)
setproctitle (1.1.7)
six (1.3.0)
sqlparse (0.1.2)
Twisted (12.3.0)
wsgiref (0.1.2)
xattr (0.6.4)
zope.interface (4.0.5)


Thanks,
Nikola

_______________________________________________
calendarserver-users mailing list
calendarserver-users@lists.macosforge.org
https://lists.macosforge.org/mailman/listinfo/calendarserver-users

Reply via email to