setting up an openssl client/server
- From: Matthias Apitz <guru@xxxxxxxxxxx>
- Date: Sat, 21 Jul 2012 17:59:22 +0200
Hello,
I'm trying to build openssl keys to be used in a client/server connection
by the following procedure:
http://acs.lbl.gov/~boverhof/openssl_certs.html
Generating Client/Server certificates with a local CA
Generate a CA
1) openssl req -out ca.pem -new -x509
-generates CA file "ca.pem" and CA key "privkey.pem"
Generate server certificate/key pair - no password required.
2) openssl genrsa -out server.key 1024
3) openssl req -key server.key -new -out server.req
4) openssl x509 -req -in server.req -CA ca.pem -CAkey privkey.pem -CAserial file.srl -out server.pem
(contents of "file.srl" is a two digit number. eg. "00")
Generate client certificate/key pair
5) Either choose to encrypt the key(a) or not(b)
a. Encrypt the client key with a passphrase
openssl genrsa -des3 -out client.key 1024
b. Don't encrypt the client key (I used this)
openssl genrsa -out client.key 1024
6) openssl req -key client.key -new -out client.req
7) openssl x509 -req -in client.req -CA ca.pem -CAkey privkey.pem -CAserial file.srl -out client.pem
Then I copy over the files client.pem and server.pem to the example
software:
$ cp server.pem client.pem openssl-examples-20020110
but the server can't understand the file server.pem:
$ openssl-examples-20020110/wserver
Can't read key file
4783:error:0906D06C:PEM routines:PEM_read_bio:no start
line:/usr/home/guru/myThings/FreeBSD/9-CURRENT/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/pem_lib.c:650:Expecting:
ANY PRIVATE KEY
4783:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
lib:/usr/home/guru/myThings/FreeBSD/9-CURRENT/src/secure/lib/libssl/../../../crypto/openssl/ssl/ssl_rsa.c:669:
$ cat openssl-examples-20020110/server.pem
-----BEGIN CERTIFICATE-----
MIIB+TCCAWICAQMwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
ZDAeFw0xMjA3MjExNTM0MTZaFw0xMjA4MjAxNTM0MTZaMEUxCzAJBgNVBAYTAkFV
MRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRz
IFB0eSBMdGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMSYH6rEOJHR86gi
IvkPlWIFTSjAdxw/M/RWiRVSF7nPyDrdjfZ6T6uCGu+gax72SOt3uGCGKKtWa58z
1R9EVvU5OhJNUDXU72yFAKpcAH04ysdf2eNyInMbj+s+DYNukrVofTnrkqjAq2YS
0fOQmH2LbmjKTn4Ia9d9iEFXvR4/AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAT3Vm
EonQgYTwnktQMeRi7Uo40IYVXd3rNHeJFobVszP7ladNtBdjRAhD+03rbXBahxDA
IGo68N8LdS5wxdUjQizmyTCsBJI2oTpQeSkZ0BrDExs8NCz8OzhskdMdgRw3JUXD
tM6F1CUQbvpelHg9Yg3ILA5a4LE+nH774SyL+cE=
-----END CERTIFICATE-----
Perhaps something is wrong with the way used to generate the keys, but
what?
Thanks
matthias
--
Matthias Apitz
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e <guru@xxxxxxxxxxx> - w http://www.unixarea.de/
UNIX since V7 on PDP-11 | UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2 | FreeBSD since 2.2.5
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
- Prev by Date: error compiling mplayer
- Next by Date: X server already running on display :0
- Previous by thread: error compiling mplayer
- Next by thread: Re: setting up an openssl client/server
- Index(es):
Relevant Pages
|
