Re: Running ssltest -server_auth

Fri, 13 Jan 2006 07:48:07 -0800 

Clever !

Not me, you...
It did the trick. The private key was so blatantly missing that I feel deeply ashamed. Thank you very much. 

What now happens is this:

Available compression methods:
 NONE
server authentication
depth=0 error=18 /C=BE/O=home/CN=alain
Error string: self signed certificate
 ... ignored.
depth=0 /C=BE/O=home/CN=alain
TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
1 handshakes of 256 bytes done


Which is absolutely fine.




Samy Thiyagarajan wrote:



hi..

U need to add ur key file in ur options..
try to include -key ~/privkey.pem 
lets see what happens then...

- samy








*Alain Damiral <[EMAIL PROTECTED]>*

Sent by:
[EMAIL PROTECTED]

13.01.2006 12:34
Please respond to
openssl-users@openssl.org


        
To
        openssl-users@openssl.org
cc
        
Subject
        Running ssltest -server_auth
Classification
        



        





Hello wonderful people.

I'm trying to use the ssltest program to get some typical server
authentication (against a self signed certificate) to work. Whatever I
try I just can't seem to get it right, could someone please indicate
which steps should be followed to achieve this ? It feels like it should
be quite a simple operation.

This is what I tried:

> openssl genrsa -out ~/privkey.pem 2048

> openssl req -new -x509 -key ~/privkey.pem -out ~/mycert.pem -days
1095 -config openssl.cnf

openssl.cnf is the "standard" config file in the apps directory,
containing the lines:
dir        = ./demoCA        # Where everything is kept
certificate    = $dir/cacert.pem     # The CA certificate
> ssltest -server_auth -cert ~/mycert.pem -CAfile ../apps/demoCA/cacert.pem 

Ending up with this output:

Available compression methods:
 NONE
2988:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:644:Expecting: ANY PRIVATE KEY
2988:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
lib:ssl_rsa.c:669:

I'm probably missing something obvious, but my brain is currently weak
so I'd like to temporarily borrow one of yours on this matter.

Thank you for your time,





--
Alain Damiral,

I hope this message makes me look like a very intelligent person

Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to