Date: Mon, 30 Dec 2002 12:33:53 -0500 (EST)
   From: "George A. Theall" <[EMAIL PROTECTED]>

   Now, looking at your configuration settings again:

   > ca_file=/usr/local/openssl/private/cacert.pem

   Is this really the CA cert? By convention, the directory "private"
   is for private keys; certs go in the directory "certs".

Yes it is the CA cert; I just put it there for no particular reason.

   If it's truly the CA cert and you created it using OpenSSL yourself,
   does it check out ok with OpenSSL? For example, run "openssl x509 -in
   /usr/local/openssl/private/cacert.pem -noout -text"

OK, this is what I get:
# openssl x509 -in /usr/local/openssl/private/cacert.pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, ST=New York, L=New York, O=Kynn Jones, CN=Kynn [EMAIL PROTECTED]
        Validity
            Not Before: Dec 29 23:00:52 2002 GMT
            Not After : Jan 28 23:00:52 2003 GMT
        Subject: C=US, ST=New York, L=New York, O=Kynn Jones, CN=Kynn [EMAIL PROTECTED]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:b7:68:d4:36:13:af:01:7a:08:64:c6:39:aa:2f:
                    0e:65:b6:c1:94:00:96:93:b5:cd:e3:d6:1d:85:34:
                    9d:41:a9:fe:95:27:db:5a:af:77:e6:60:6f:ab:eb:
                    d2:18:90:8a:28:d8:89:18:0e:bf:a7:36:4e:a2:fa:
                    d6:25:bd:11:d9:d9:af:94:34:49:2c:f0:c0:f4:48:
                    31:c1:f3:8a:0b:e2:2a:5f:28:92:a9:c7:1e:be:5d:
                    fe:be:d9:bc:74:19:39:c2:e3:3c:7a:28:c2:ff:62:
                    6e:66:96:82:b4:de:78:fb:0a:23:fb:ee:e1:3b:84:
                    05:ad:d8:5c:6b:fe:6d:5c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                71:BB:AB:07:8B:74:6D:D3:26:8B:59:4E:85:5B:B0:DC:CF:39:76:46
            X509v3 Authority Key Identifier: 
                keyid:71:BB:AB:07:8B:74:6D:D3:26:8B:59:4E:85:5B:B0:DC:CF:39:76:46
                DirName:/C=US/ST=New York/L=New York/O=Kynn Jones/CN=Kynn [EMAIL PROTECTED]
                serial:00

            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: md5WithRSAEncryption
        4c:76:54:4a:26:dc:ff:01:f0:96:91:6c:67:e0:a8:bb:af:49:
        76:17:71:ab:9a:a6:44:08:b6:00:b0:9b:7f:38:dd:76:89:d1:
        64:f9:9d:b3:af:a6:81:ce:9f:4a:e2:de:a9:9e:bc:b2:5d:fc:
        3a:85:fa:41:38:e0:ff:bf:1e:91:e1:f1:cf:f5:30:a1:83:7a:
        85:20:ac:6b:e0:c7:0f:f6:44:c6:82:92:64:a2:13:98:41:1f:
        ce:60:3a:a2:03:4e:6f:dc:a4:09:03:92:cc:54:f9:57:34:94:
        13:43:a9:77:44:36:0f:60:1f:09:71:81:48:48:5b:53:c6:66:
        c9:04


   Also, what steps did you follow when generating the CA cert?


I see that the output says "CA:TRUE", which I suppose means that it is
indeed a CA cert.  I used the following to make it:

OPENSSL_DIR=/usr/local/openssl
OPENSSL=/usr/local/bin/openssl

${OPENSSL} req -new -x509 -keyout ${OPENSSL_DIR}/private/cakey.pem \
    -out ${OPENSSL_DIR}/private/cacert.pem \
    -config ${OPENSSL_DIR}/openssl.cnf


(That's how my cacert.pem ended up in the private directory.)



Again, thank you very much for your help.

KJ
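
Added example, not part of the original message or of Nessus: a shell function that automates the "does it check out ok with OpenSSL?" question for a file configured as ca_file, including the case where the file in "private" turns out to be a key rather than a cert. The names check_ca_cert and make_demo_certs, the demo.cnf contents and the subject "Example Test CA" are assumptions made for illustration.

```shell
# Added example. Usage: check_ca_cert /path/to/cacert.pem
# Returns 0 only if the file parses as a certificate, is marked CA:TRUE,
# verifies against itself, and has not expired.
check_ca_cert() {
    cert=$1; rc=0
    # 1. Must be a PEM X.509 certificate (a private key file will not parse).
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "FAIL: not a PEM X.509 certificate"; return 1
    fi
    # 2. Basic Constraints must mark it as a CA.
    if openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE'; then
        echo "ok: Basic Constraints CA:TRUE"
    else
        echo "FAIL: CA:TRUE not present"; rc=1
    fi
    # 3. A root CA is self-signed, so it must verify with itself as trust anchor.
    if openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1; then
        echo "ok: self-signature verifies"
    else
        echo "FAIL: does not verify against itself"; rc=1
    fi
    # 4. Must not be expired (-checkend 0 tests validity as of now).
    if openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "ok: $(openssl x509 -in "$cert" -noout -enddate)"
    else
        echo "FAIL: expired"; rc=1
    fi
    return $rc
}

# Constructed test data: a throwaway CA and a non-CA cert in directory $1.
make_demo_certs() {
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Example Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_leaf]
basicConstraints = critical,CA:FALSE
EOF
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 30 \
        -config "$1/demo.cnf" -extensions v3_ca \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null &&
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 30 \
        -config "$1/demo.cnf" -extensions v3_leaf \
        -keyout "$1/leafkey.pem" -out "$1/leaf.pem" 2>/dev/null
}
```

With a 30-day validity like the certificate shown above, check 4 starts failing a month after generation, so it is worth re-running whenever the client begins rejecting the server.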

