Hi Gilad,

You must copy the public key file generated by openssl (cakey.pem) to
usr/local/appache/ssl.crt/server.key.
The pkcs#11 engine "load_private_key" function reads the public key file to
find the private key in the hardware.

cheers
Afchine
______________________________________
[EMAIL PROTECTED]
Bull TrustWay R&D
http://www.trustway.bull.com

> Hi Afchine,
> After a long vacation I am back in business.
> I have tried applying your mod_ssl patch on the pkcs#11 engine to try and
> work the apache with ssl using my Smart Card.
>
> I tried before that a simple mod_ssl installation (software keys only) and
> everything seems to be working fine.
>
> Unfortunately I was not able to run mod_ssl with the pkcs#11 patch.
> It may be due to some differences in how your hardware behaves compared with
> a regular Smart Card.
> Can you point me to the source of the problem using the debug log I got
> from the apache mod_ssl engine?
>
> Thanks.
>
> P.S.
> FYI I am also working on engine support for the secxml library and I will test it
> with the pkcs#11 engine.
>
> Gilad
>
>
> Create RSA private and public on my PKCS#11 SmartCard
> -------------------------------------------------------
> openssl req -engine pkcs11 -keyform e -new -x509 -keyout cakey.pem -out cacrt.pem -days 365
>
> cp cacrt.pem /usr/local/appache/ssl.crt/server.crt =>> copy the certificate
> created to the apache directory
>
> I can verify the creation of the RSA keys was successful and they are
> present on the Smart Card
>
> When trying to run /usr/local/apache/bin/apachctl startssl I get
> pache:mod_ssl:Error: Private key not found.
> **Stopped
> ../bin/apachectl startssl: httpd could not be started
>
> mod_ssl ssl_engine_log:
> ---------------
>
> [29/Jul/2003 16:01:56 14867] [info] Server: Apache/1.3.27, Interface: mod_ssl/2.8.14, Library: OpenSSL/0.9.7b
> [29/Jul/2003 16:01:56 14867] [info] Init: 1st startup round (still not detached)
> [29/Jul/2003 16:01:56 14867] [info] Init: Initializing OpenSSL library
> [29/Jul/2003 16:01:56 14867] [info] Init: Loading certificate & private key of SSL-aware server earth.arx.com:443
> [29/Jul/2003 16:01:56 14867] [error] Init: Private key not found (OpenSSL library error follows)
> [29/Jul/2003 16:01:56 14867] [error] OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: PUBLIC KEY: [Hint: Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?]
> [29/Jul/2003 16:01:56 14867] [error] OpenSSL: error:26096080:engine routines:ENGINE_load_private_key:failed loading private key: :
> [29/Jul/2003 16:09:18 14885] [info] Server: Apache/1.3.27, Interface: mod_ssl/2.8.14, Library: OpenSSL/0.9.7b
> [29/Jul/2003 16:09:18 14885] [info] Init: 1st startup round (still not detached)
> [29/Jul/2003 16:09:18 14885] [info] Init: Initializing OpenSSL library
> [29/Jul/2003 16:09:18 14885] [info] Init: Loading certificate & private key of SSL-aware server earth.arx.com:443
> [29/Jul/2003 16:09:18 14885] [error] Init: Private key not found (OpenSSL library error follows)
> [29/Jul/2003 16:09:18 14885] [error] OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: PUBLIC KEY: [Hint: Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?]
> [29/Jul/2003 16:09:18 14885] [error] OpenSSL: error:26096080:engine routines:ENGINE_load_private_key:failed loading private key: :
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
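
The `no start line: Expecting: PUBLIC KEY` error in the log above means the file configured as the server key held no PEM block with that label. The following added example, which is not from the thread, the mod_ssl patch or the PKCS#11 engine, is a simplified model of that label check for pre-flighting a key file; `pem_labels` and `check_key_file` are hypothetical names and the sample PEM bodies are constructed placeholders.

```python
import re

# PEM encapsulation boundaries: -----BEGIN <label>----- / -----END <label>-----
_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$")
_END = re.compile(r"^-----END ([A-Z0-9 ]+)-----\s*$")


def pem_labels(text):
    """Return the labels of all well-formed BEGIN/END blocks, in file order."""
    labels, current = [], None
    for line in text.splitlines():
        begin, end = _BEGIN.match(line), _END.match(line)
        if begin:
            current = begin.group(1)      # a new BEGIN restarts the block
        elif end and current == end.group(1):
            labels.append(current)        # only count blocks that are closed
            current = None
    return labels


def check_key_file(text, expected="PUBLIC KEY"):
    """Simplified model of a label-filtered PEM read (an assumption, not the
    engine's code): succeed only if some block carries the expected label."""
    labels = pem_labels(text)
    if expected in labels:
        return True, f"found {expected} block"
    found = ", ".join(labels) if labels else "no PEM blocks"
    return False, f"no start line: Expecting: {expected} (file has: {found})"


# Constructed sample inputs; the base64 bodies are placeholders, not real keys.
CERT_ONLY = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
PUBKEY = "-----BEGIN PUBLIC KEY-----\nAAAA\n-----END PUBLIC KEY-----\n"
TRUNCATED = "-----BEGIN PUBLIC KEY-----\nAAAA\n"   # missing END line

if __name__ == "__main__":
    samples = [("empty or missing file", ""), ("certificate copied as key", CERT_ONLY),
               ("truncated public key", TRUNCATED), ("public key", PUBKEY)]
    for name, text in samples:
        ok, detail = check_key_file(text)
        print(f"{name}: {'OK' if ok else 'FAIL'} - {detail}")
```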