Hi Victor, I did specify the client key file to NULL. Then, I authenticated the client with a user id and password. That worked.
Why would the file not have a client private key? Thanks for your help. Liz -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Viktor Dukhovni Sent: Friday, September 12, 2014 7:39 AM To: openssl-users@openssl.org Subject: Re: cannot read PEM key file - no start line On Fri, Sep 12, 2014 at 04:31:13AM -0400, Dave Thompson wrote: > *If* you are now using a legacy-format encrypted private-key (and your > original > > error message suggested you might need some form of private key, which > does > > necessarily mean legacy-format encrypted) yes 76 chars is a problem. That said, it seems more likely that the real issue is that client code should be attempting to employ a client certificate file. The OP provided a file with no client private key (there is none), and the software complains since no private key of any kind is found. The client key file should be initialized to NULL. Separately the client may need to specify trust anchors so that server validation succeeds. However, when it comes to X.509 PKI, the OP may be "in a maze of twisty little passages, all alike". I don't know how to bridge the gulf. Some sort of tutorial may be the a start. Any recommendations of a gentle introduction to X.509 certificates, keys, trust anchors, ... for operators and developers? -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org --- This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
