Re: urgent help

Sadir Al-khafaji Thu, 9 Mar 2000 06:45:10 -0800

Richard i am sure you are righ and i am sorry if i was vague with my
question
ok lets start
Linux 2.2.13 SuSE
apache 1.3.9
here is what i have done
first i have issued a CA
then i issued a new cert with  which a signed with the following command
openssl x509 -req -in new.cert.csr -out client.cert.cert -signkey Ca.key
-CA saal-rsa.crt -CAkey Ca.key -CAcreateserial -days 365
Signature ok
subject=/C=SE/ST=na/L=na/O=na/OU=na/CN=foo.com/Email=na
Getting Private key
Getting CA Private Key
and it was ok then i was going to export it to pkcs12 and this is what i
have got

 openssl pkcs12 -export -in saal-rsa.crt -inkey privkey.pem -name "Test"
-caname "Test CA" -certfile new.cert.cert -out mycert.p12
Enter PEM pass phrase:
No certificate matches private key
saal:/cert # openssl pkcs12 -export -in new.cert.c -inkey privkey.pem
-name "Test" -caname "Test CA" -certfile saal-rsa.crt -out mycert.p12
new.cert.cert  new.cert.csr
saal:/cert # openssl pkcs12 -export -in new.cert.csr -inkey privkey.pem
-name "Test" -caname "Test CA" -certfile saal-rsa.crt -out mycert.p12
new.cert.csr
saal:/cert # openssl pkcs12 -export -in new.cert.csr -inkey privkey.pem
-name "Test" -caname "Test CA" -certfile saal-rsa.crt -out mycert.p12
Enter PEM pass phrase:
Error loading certificates from input
6114:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:610:

saal:/cert # openssl pkcs12 -nokeys -export -in new.cert.csr -inkey
privkey.pem -name "Test" -caname "Test CA" -certfile saal-rsa.crt -out
mycert.p12
Enter PEM pass phrase:
Error loading certificates from input
6137:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:610:

saal:/cert # openssl pkcs12 -nokeys -export -in new.cert.csr -inkey
new.cert.key -name "Test" -caname "Test CA" -certfile saal-rsa.crt -out
mycert.p12
Error loading certificates from input
6138:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:610:

saal:/cert # openssl pkcs12 -nokeys -export -in new.cert.csr -inkey
privkey.pem -name "Test" -caname "Test CA" -certfile saal-rsa.crt -out
mycert.p12
Enter PEM pass phrase:
Error loading certificates from input
6139:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:610:

saal:/cert # openssl pkcs12 -nokeys -export -in new.cert.cert -inkey
privkey.pem -name "Test" -caname "Test CA" -certfile saal-rsa.crt -out
mycert.p12
Enter PEM pass phrase:
Error loading private key
6140:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
decrypt:evp_enc.c:243:
6140:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:399:
saal:/cert # openssl pkcs12 -nokeys -export -in new.cert.cert -inkey
privkey.pem -name "Test" -caname "Test CA" -certfile saal-rsa.crt -out
mycert.p12
Enter PEM pass phrase:
No certificate matches private key
saal:/cert # openssl pkcs12 -nokeys -export -in new.cert.csr -inkey
privkey.pem -name "Test" -caname "Test CA" -certfile saal-rsa.crt -out
mycert.p12
Enter PEM pass phrase:
Error loading certificates from input
6142:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:610:

saal:/cert # openssl pkcs12 -nokeys -export -in new.cert.csr -inkey  -name

"Test" -caname "Test CA" -certfile saal-rsa.crt -out mycert.p12
this is everything i have done but never got it right
Thanx
Sadir




Richard Levitte - VMS Whacker wrote:

> Sadir.Al-khafaji> urgent help, i am trying to get my browser to client
> Sadir.Al-khafaji> authenticate a an ssl server but it doesn't work.
> Sadir.Al-khafaji> Can any one help me out. do i have to generate a
> Sadir.Al-khafaji> server server and a client cert signed with ca so
> Sadir.Al-khafaji> that they can authenticate.
>
> Most of the times, it's a good idea to give the server a server
> certificate (I don't know if there's any browser that doesn't want to
> check that).  The server cert can very well be self-signed as far as I
> know, but if you want to do it right, it's definitelly better to have
> it signed by a correct CA.
>
> If you want ant more substantial help, it might be a good idea if you
> shared relevant logs and error messages from the browser as well as
> from the server with us.
>
> --
> Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
> Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
> Redakteur@Stacken   \      SWEDEN       \ or +46-708-26 53 44
> Procurator Odiosus Ex Infernis             -- [EMAIL PROTECTED]
>            Member of the OpenSSL development team
>
> Unsolicited commercial email is subject to an archival fee of $400.
> See <http://www.stacken.kth.se/~levitte/mail/> for more info.

begin:vcard 
n:Al-khafaji;Sadir
tel;cell:0709 800 909
tel;fax:08 781 27 34
tel;home:08 760 34 80
tel;work:08 781 47 48
x-mozilla-html:FALSE
org:Postcom;I&S
version:2.1
email;internet:[EMAIL PROTECTED]
title:Unix Technician
adr;quoted-printable:;;Olof Palmas GATA 29, 5tr=0D=0ANC=0D=0A10500 Stockholm;Stockholm;Stockholm;10500;Sweden
fn:SAAL002
end:vcard

S/MIME Cryptographic Signature

Re: urgent help

Reply via email to