I've always wondered why servers bother to encrypt the private key. The
passphrase is right there in the server configuration so why bother?
Kris
-Original Message-
From: AOLserver Discussion [mailto:[EMAIL PROTECTED]]On Behalf
Of Scott Goodwin
Sent: Mon, 05-14-01 02:40p
To: [EMAIL PROTECTED]
Subject: Re: [AOLSERVER] nsssl - openssl ?
Make sure your private key is not passphrase-protected; if it is, it'll
fail to be loaded by the server. You can use openssl to take the
passphrase
off, but make sure you lock up this file so that only the server can read
it (root will also be able to read it, obviously):
openssl rsa -in key1.pem -out key2.pem
The latest version is nsopenssl-1.1 and is available at http://scottg.net.
You'll want to use this version, and it requires OpenSSL 0.9.6 or higher
(though I haven't tested with 0.9.6a yet).
/s.
O.K,
With a little Makefile and source hacking I got nsopenssl.so to
build. (OPENSSL_free isn't in my version of OpenSSL, was it added
later? [tclcmds.c])
Now my problem is that the module fails to load the certfile.pem. I
created my own self-signed certificate using openssl, and from what I
can tell it looks O.K. Has anyone tryed this before? I just think
I'm missing something that my brain can't figure out. :-)
P.S.
The cert was generated from an unencrypted 3DES 1024-bit key if that
helps any.
Daniel P. Stasinski wrote:
I was wondering if there was anything in the works to port
nsssl from BSAFE to OpenSSL? It appears that getting
your hands on BSAFE would be the first problem.
Try nsopenssl at:
http://scottg.net/webtools/opennsd/modules/nsopenssl/
Daniel P. Stasinski
http://www.disabilities-r-us.com
[EMAIL PROTECTED]
