Clever !
Not me, you...
It did the trick. The private key was so blatantly missing that I feel
deeply ashamed. Thank you very much.
What now happens is this:
Available compression methods:
NONE
server authentication
depth=0 error=18 /C=BE/O=home/CN=alain
Error string: self signed certificate
... ignored.
depth=0 /C=BE/O=home/CN=alain
TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
1 handshakes of 256 bytes done
Which is absolutely fine.
Samy Thiyagarajan wrote:
hi..
U need to add ur key file in ur options..
try to include -key ~/privkey.pem
lets see what happens then...
- samy
*Alain Damiral <[EMAIL PROTECTED]>*
Sent by:
[EMAIL PROTECTED]
13.01.2006 12:34
Please respond to
openssl-users@openssl.org
To
openssl-users@openssl.org
cc
Subject
Running ssltest -server_auth
Classification
Hello wonderful people.
I'm trying to use the ssltest program to get some typical server
authentication (against a self signed certificate) to work. Whatever I
try I just can't seem to get it right, could someone please indicate
which steps should be followed to achieve this ? It feels like it should
be quite a simple operation.
This is what I tried:
> openssl genrsa -out ~/privkey.pem 2048
> openssl req -new -x509 -key ~/privkey.pem -out ~/mycert.pem -days
1095 -config openssl.cnf
openssl.cnf is the "standard" config file in the apps directory,
containing the lines:
dir = ./demoCA # Where everything is kept
certificate = $dir/cacert.pem # The CA certificate
> ssltest -server_auth -cert ~/mycert.pem -CAfile
../apps/demoCA/cacert.pem
Ending up with this output:
Available compression methods:
NONE
2988:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:644:Expecting: ANY PRIVATE KEY
2988:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
lib:ssl_rsa.c:669:
I'm probably missing something obvious, but my brain is currently weak
so I'd like to temporarily borrow one of yours on this matter.
Thank you for your time,
--
Alain Damiral,
I hope this message makes me look like a very intelligent person
Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]