On Fri, Sep 06, 2002 at 08:15:40AM -0500, Eduardo Muņoz wrote:
> I tried using SSL_CTX_use_certificate_chain_file().
> The problem is that I keep getting the following error
> on the client side while trying to authenticate:
>
> 269:error:0B080074:x509 certificate
> routines:X509_check_private_key:key values m
> ismatch:c:\openssl\openssl\crypto\x509\x509_cmp.c:279:
>
> I think it may be a mistake in the way I'm making the
> certificates, not in the code. If somebody could help
> me with this, I would appreciate. Specifically, I'm
> looking for help making certificate chains.
>
> I'm doing the following steps:
>
> 1. Create CA certificate
>
> openssl req -new -newkey rsa:1024 -md5 -x509 -keyout
> cakey.pem -out cacert.pem
>
> 2. Then created the certificate request.
>
> openssl req -new -newkey rsa:512 -md5 -out
> clientreq.pem
>
> 3. Then signed it using CA's private key.
>
> openssl ca -in clientreq.pem -out client.pem -cert
> cacert.pem -keyfile cakey.pem -md
> md5 -policy policy_anything
>
> mv privkey.pem clientkey.pem
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Where does privkey.pem come from? It was nowhere mentioned before.
With openssl req -newkey you are generating a new key that should
to be found in clientreq.pem. This is the key machting the new client.pem.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
