At 08:36 AM 12/31/98 +0100, Holger Reif wrote:
Holger, thanks for your suggestion:
I tried the following:
ssleay rsa -noout -text -in cakey.pem
I was prompted for the PEM pass phrase. This makes me think I need to
remove the encryption on the key
so the script can access the key contents.
Now, I'll have to look into the documentation again to find how to do that.
Thanks and regards,
Happy 1999!
Bruce
->Bruce B. Platt schrieb:
->>
->> 2. ssleay.cnf is in usr/local/ssl/lib
->
->> I receive the following error from Fred's ns-cert.pl script:
->>
->> Certificate request failed
->>
->> /usr/local/ssl/bin/ca -config /usr/local/ssl/lib/ssleay.cnf -spkac
->> /data/web/public/server/certs/cert37.req -out
->> /data/web/public/server/certs/cert37.result -days 360
->>
->> rc = 256
->>
->> Using configuration from /usr/local/ssl/lib/ssleay.cnf
->> unable to load CA private key
-> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
->Check for the existence and readability of you CA's private
->key. The key is in a file that is named within
->/usr/local/ssl/lib/ssleay.cnf
->as "private_key" in the section that is named under "default_ca".
->
->If file exists try ssleay rsa -nout -text -in name_of_private_key_file
->if this works under httpd UID then your script should run fine.
->
->> 15468:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
->> decrypt:evp_enc.c:275:
->> 15468:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:403:
->>
->> commonName
->> Client Certificate
->> emailAddress
->> [EMAIL PROTECTED]
->> organizationName
->> Comport
->> organizationalUnitName
->> HQ
->> localityName
->> Ramsey
->> stateOrProvinceName
->> NJ
->> countryName
->> US
->> SPKAC
->> MIHFMHEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtL+pTWvR1HuqbGa7yfOsd//f
->> g8X5AMT3Lo+CO2VHyqONr5ht43IaIG3N5LMqJII7LZXrO0Wv3WxljDh1Xuc78QID
->> AQABFhFjaGFsbGVuZ2VQYXNzd29yZDANBgkqhkiG9w0BAQQFAANBAC1l2mfNrU1n
->> dMCZZIvb5MZxXz9ZFJ9YqvWGt2MdYQ+FZ1RS8z164HtHr00PuY/0Matdb8TJd2pu
->> wn2vHdqilfI=
->> SUBMIT
->> Submit Query
->>
->> As you can see I have tried this 37 times!
->>
->> I am clearly confused as this point about what steps to take to generate a
->> CA that can then be used to create client certificates.
->> One last note, I am using apache with mod_ssl and a certificate generated
->> by me to run an ecrypted server.
->>
->> Any help will be be appreciated, especially that which assumes I know
nothing!
->>
->> Greetings of the season to all
->>
->> Regards,
->>
->> Bruce
->>
->> +--------------------------------------+
->> Bruce B. Platt, Ph.D.
->> Comport Consulting Corporation
->> 78 Orchard Street, Ramsey, NJ 07446
->> Phone: 201-236-0505 Fax: 201-236-1335
->> [EMAIL PROTECTED], bruce@ bruce.platt@
->> ______________________________________________________________________
->> Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
->> Official Support Mailing List [EMAIL PROTECTED]
->> Automated List Manager [EMAIL PROTECTED]
->
->--
->Holger Reif Tel.: +49 361 74707-0
->SmartRing GmbH Fax.: +49 361 7470720
->Europaplatz 5 [EMAIL PROTECTED]
->D-99091 Erfurt WWW.SmartRing.de
->______________________________________________________________________
->Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
->Official Support Mailing List [EMAIL PROTECTED]
->Automated List Manager [EMAIL PROTECTED]
->
+---------------------------------------------------------+
Bruce B. Platt, Ph.D. Vice-President
Comport Consulting Corporation
78 Orchard Street
Ramsey, NJ 07446
Phone: 201-236-0505 Fax: 201-236-1335
[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
