Hello,
> I'm attempting to load a server certificate into a
> server.
> 
> I create the certificate using the following:
> 
> Generate a CA
> 1)    openssl req -out ca.pem -new -x509
>         -generates CA file "ca.pem" and CA key "privkey.pem"
> Generate server certificate/key pair
>         - no password required.
> 2)    openssl genrsa -out server.key 1024
> 3)    openssl req -key server.key -new -out server.req
> 4)    openssl x509 -req -in server.req -CA CA.pem -CAkey privkey.pem -CAserial file.srl -out server.pem
>         -contents of "file.srl" is a two digit number. eg. "00"
> 
> I have a question concerning the following call:
> 
> if (SSL_CTX_use_PrivateKey_file(ctx, PRIVKEY, SSL_FILETYPE_PEM) != 1)
> {
>       ERR_print_errors_fp(stderr);
>       printf("Error loading private key from file");
> }
> 
> I'm passing into the PRIVKEY argument server.key? When
> I try to pass "privkey.pem" that was generated
> it wants to know the "Enter PEM pass phrase" which I
> entered. It then fails to load the private key from
> the file. 
> 
> Could somebody be so good to enlighten me on this?
You should not use the CA private key; you should use the server
private key in this code.
The CA private key is only for signing certificates and CRLs,
not for SSL connection establishment.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
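
The distinction made in the reply can be checked from the command line. The script below is an added example, not part of the original thread: it recreates the four steps with a throwaway CA and compares public keys to show that server.key, not the CA's privkey.pem, is the key certified in server.pem. Assumptions: 2048-bit keys, `-nodes` (unencrypted demo CA key), the `-subj` and `-days` values, and the helper names `key_matches_cert` and `build_demo_pki`.

```shell
#!/bin/sh
# Added example: throwaway CA + server certificate, then a key/cert match check.
set -eu

# Exit 0 if private key $1 is the key certified in certificate $2,
# 1 if it is a different key, 2 if either file cannot be read.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# Recreate the thread's four steps non-interactively inside directory $1.
build_demo_pki() (
    cd "$1"
    # 1) self-signed CA; -nodes leaves the demo CA key unencrypted (assumption)
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo CA" -keyout privkey.pem -out ca.pem 2>/dev/null
    # 2) server key, 3) server certificate request
    openssl genrsa -out server.key 2048 2>/dev/null
    openssl req -new -key server.key -subj "/CN=demo.invalid" -out server.req
    # 4) CA signs the request; file.srl starts at "00" as in the thread
    printf '00\n' > file.srl
    openssl x509 -req -in server.req -CA ca.pem -CAkey privkey.pem \
        -CAserial file.srl -days 1 -out server.pem 2>/dev/null
)

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
build_demo_pki "$DEMO_DIR"

# Only the key that matches server.pem belongs in the PRIVKEY argument.
for key in server.key privkey.pem; do
    if key_matches_cert "$DEMO_DIR/$key" "$DEMO_DIR/server.pem"; then
        echo "$key: matches server.pem (pass this one as PRIVKEY)"
    else
        echo "$key: does NOT match server.pem"
    fi
done
```

In the server code itself, calling SSL_CTX_check_private_key(ctx) after loading both the certificate and the key performs the same consistency check.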
