Hi all,
Here's my situation... I'm trying to
produce certs and keys with the Java security packages
for use in my ssl enabled web server. The problem is
that when I try to start apache in SSL mode, it
doesn't like my server cert's private key. The Java
docs say that the private key I generated is a DER
encoding of the PKCS8 format. I took that output,
base64 encoded it, and added PEM headers. At this
point it "looks" like one that I've created with
openssl. If I try to start apache, it complains about
the key. If I try to look at the key with:
openssl dsa -noout -in key.pem -text
I get the following output (errors):
19268:error:0D080071:asn1 encoding
routines:d2i_ASN1_INTEGER:expecting an
integer:a_int.c:258:
19268:error:0D08A082:asn1 encoding
routines:d2i_DSAPrivateKey:parsing:d2i_s_pr.c:100:
19268:error:0D09B00D:asn1 encoding
routines:d2i_PrivateKey:ASN1
lib:d2i_pr.c:98:19268:error:0906700D:PEM
routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:290:
Sorry if that's not all lined up nicely...
If I run:
openssl asn1parse -in ~/key.pem
I get the following output:
0:d=0 hl=4 l= 331 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: INTEGER :00
7:d=1 hl=4 l= 300 cons: SEQUENCE
11:d=2 hl=2 l= 7 prim: OBJECT
:dsaEncryption
20:d=2 hl=4 l= 287 cons: SEQUENCE
24:d=3 hl=3 l= 129 prim: INTEGER
:FD7F53811D75122952DF4A9C2EECE4E7F611B7523CEF4400C31E3F80B6512669455D402251FB593D8D58FABFC5F5BA30F6CB9B556CD7813B801D346FF26660B76B9950A5A49F9FE8047B1022C24FBBA9D7FEB7C61BF83B57E7C6A8A6150F04FB83F6D3C51EC3023554135A169132F675F3AE2B61D72AEFF22203199DD14801C7
156:d=3 hl=2 l= 21 prim: INTEGER
:9760508F15230BCCB292B982A2EB840BF0581CF5
179:d=3 hl=3 l= 129 prim: INTEGER
:F7E1A085D69B3DDECBBCAB5C36B857B97994AFBBFA3AEA82F9574C0B3D0782675159578EBAD4594FE67107108180B449167123E84C281613B7CF09328CC8A6E13C167A8B547C8D28E0A3AE1E2BB3A675916EA37F0BFA213562F1FB627A01243BCCA4F1BEA8519089A883DFE15AE59F06928B665E807B552564014C3BFECF492A
311:d=1 hl=2 l= 22 prim: OCTET STRING
I've attached that output (asn1parse.out) in case it's
unreadable here. My thought is that I'm doing
something wrong on the Java side, but I have nothing
to base that thought on. Any suggestions
would be extremely helpful. I can provide copies of
the binary and PEM version of my key if anyone needs
them.
Thanks,
Jeff Ricks
[EMAIL PROTECTED]
__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]