I tried using SSL_CTX_use_certificate_chain_file(). The problem is that I keep getting the following error on the client side while trying to authenticate:
269:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:c:\openssl\openssl\crypto\x509\x509_cmp.c:279:

I think it may be a mistake in the way I'm making the certificates, not in the code. If somebody could help me with this, I would appreciate it. Specifically, I'm looking for help making certificate chains. I'm doing the following steps:

1. Create CA certificate

   openssl req -new -newkey rsa:1024 -md5 -x509 -keyout cakey.pem -out cacert.pem

2. Then created the certificate request.

   openssl req -new -newkey rsa:512 -md5 -out clientreq.pem

3. Then signed it using CA's private key.

   openssl ca -in clientreq.pem -out client.pem -cert cacert.pem -keyfile cakey.pem -md md5 -policy policy_anything
   mv privkey.pem clientkey.pem

I repeated steps 2 and 3 to create the server certificate.

Then I concatenated the part of the client.pem file that is between the certificate indicators to the CA's certificate. The result is something like this:

   -----BEGIN CERTIFICATE-----
   ....(client cert)
   -----END CERTIFICATE-----
   -----BEGIN CERTIFICATE-----
   ....(CA cert)
   -----END CERTIFICATE-----

I wonder if I have to concatenate the whole client.pem file including the headers and key...

I appreciate your help.

Eduardo

--- John Cronin <[EMAIL PROTECTED]> wrote:
> And your problem is???
>
> This should do what you ask.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Eduardo Muñoz
> Sent: 05 September 2002 17:02
> To: [EMAIL PROTECTED]
> Subject: can anybody tell me what's wrong?
>
> I'm building an application that needs client authentication using
> certificates. I want to be my own CA. I have already created the CA cert,
> the Client and Server certificates also and I've signed them with the CA
> cert. I don't know what I have to do in order to get the cert chain. I
> think I have to make a chain with the CA certificate and the client
> certificate, but I don't know how.
>
> I've been reading a lot of posts regarding client authentication, but I
> haven't been able to perform it. I don't know if my problem is related to
> the cert chain or my code. My code is the following:
>
> // Snipped by JC for brevity
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
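
Added example, not part of the original thread: a shell check of which private key pairs with the first certificate in a chain file, which is the pairing behind the "key values mismatch" error quoted above. It assumes unencrypted 2048-bit RSA keys, SHA-256, and `openssl x509 -req` for signing (the post uses `openssl ca`, smaller keys and MD5); the function names and demo subjects are made up for illustration.

```shell
#!/bin/sh
# Added example (constructed demo data; file names follow the post).

# Public key of the FIRST certificate in a PEM file. That first certificate
# is the one SSL_CTX_use_certificate_chain_file() treats as the subject cert.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key derived from an unencrypted private key file.
pubkey_of_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# key_matches_cert CERT_OR_CHAIN KEY -> exit 0 only if both public keys are
# readable and identical (the pairing X509_check_private_key checks).
key_matches_cert() {
    c=$(pubkey_of_cert "$1") && k=$(pubkey_of_key "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# build_demo DIR: throwaway CA, one client key/cert, and two chain files.
build_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 1 \
        -subj "/CN=Demo CA" -keyout "$d/cakey.pem" -out "$d/cacert.pem" \
        2>/dev/null &&
    openssl req -new -newkey rsa:2048 -sha256 -nodes \
        -subj "/CN=demo client" -keyout "$d/clientkey.pem" \
        -out "$d/clientreq.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/clientreq.pem" -CA "$d/cacert.pem" \
        -CAkey "$d/cakey.pem" -set_serial 1 -sha256 -days 1 \
        -out "$d/client.pem" 2>/dev/null &&
    cat "$d/client.pem" "$d/cacert.pem" > "$d/chain.pem" &&       # leaf first
    cat "$d/cacert.pem" "$d/client.pem" > "$d/wrong_order.pem"    # CA first
}

report() {  # report CERT KEY: print one line per pairing
    if key_matches_cert "$1" "$2"; then r=match; else r=MISMATCH; fi
    printf '%-16s + %-14s -> %s\n' "${1##*/}" "${2##*/}" "$r"
}

demo=$(mktemp -d) && build_demo "$demo" && {
    report "$demo/chain.pem"       "$demo/clientkey.pem"
    report "$demo/chain.pem"       "$demo/cakey.pem"
    report "$demo/wrong_order.pem" "$demo/clientkey.pem"
}
rm -rf "$demo"
```

Only the first pairing reports a match: the chain file carries certificates only, leaf first, and the private key stays in its own file.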