Re: RSA decrypt problems

2000-05-07 Thread Doug Barton
Steve Price wrote: > > On Sun, 7 May 2000, Doug Barton wrote: > > # Ok, here are some silly questions. Did you create a private key for > # this server, did you encrypt your cert with it, and is that .key file > # pointed to in your httpd.conf config file? SSLCertificateKeyFile is what > #

Re: RSA decrypt problems

2000-05-07 Thread Kris Kennaway
On Sun, 7 May 2000, Steve Price wrote: > # Then: > # > # dumpasn1 file.der > > root@bonsai(/usr/local/etc/apache/ssl.key)# dumpasn1 server.key Nope, this is the .pem-encoded version. You need to decode it to .der using: openssl asn1parse -in server.key -out server.der before running dumpasn1

Re: RSA decrypt problems

2000-05-07 Thread Steve Price
On Sun, 7 May 2000, Doug Barton wrote: # Ok, here are some silly questions. Did you create a private key for # this server, did you encrypt your cert with it, and is that .key file # pointed to in your httpd.conf config file? SSLCertificateKeyFile is what # you're looking for. http://www.mo

Re: RSA decrypt problems

2000-05-07 Thread Doug Barton
Steve Price wrote: > > On Fri, 5 May 2000, Kris Kennaway wrote: > > # I'm suspecting it might be something missing in the ASN.1 encoding of the > # certificate, which netscape requires but IE permits. This would be > # consistent with a missing openssl.cnf file at the time of certificate > # gen

Re: RSA decrypt problems

2000-05-07 Thread Steve Price
On Sat, 6 May 2000, Kris Kennaway wrote: # I'm strongly suspecting something wrong with the encoding of the # certificate. Can you grab dumpasn1.c and dumpasn1.cfg from [snip] # Then: # # dumpasn1 file.der root@bonsai(/usr/local/etc/apache/ssl.key)# dumpasn1 server.key 0 2D 45: Unknown (

Re: RSA decrypt problems

2000-05-06 Thread Kris Kennaway
On Sat, 6 May 2000, Kris Kennaway wrote: > http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.c > and http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.cfg I've made these into a port, so you can just install the converters/dumpasn1 port and save the minor trouble of editing the stupid ^Z out of the .c

Re: RSA decrypt problems

2000-05-06 Thread Kris Kennaway
On Sat, 6 May 2000, Garrett Wollman wrote: > I've had this problem with recent values of OpenSSL since last > November. I haven't gotten around to playing with permutations of the I'm strongly suspecting something wrong with the encoding of the certificate. Can you grab dumpasn1.c and dumpasn1.

Re: RSA decrypt problems

2000-05-06 Thread Steve Price
On Sat, 6 May 2000, Garrett Wollman wrote: # I've had this problem with recent values of OpenSSL since last # November. I haven't gotten around to playing with permutations of the # openssl.cnf file yet. I tried my site certificate on various versions # of Netscape and Exploder, and all of them

Re: RSA decrypt problems

2000-05-06 Thread Garrett Wollman
< said: > FWIW, I've had a weird (perhaps related) problem, only in the > reverse. After creating a certificate (ie: 'make certificate' in > apache), I was unable to connect to the server from a Netscape > 4.72 browser. It only told me there was a decryption error in the > apache logs. I've h

Re: RSA decrypt problems

2000-05-06 Thread Kris Kennaway
On Sat, 6 May 2000, Louis A. Mamakos wrote: > Just curious, but is there any documentation installed that describes > what the contents of the file look like? I went on a hunt for this > recently, and found precious little documentation on openssl provided > with the system. The sample file is

Re: RSA decrypt problems

2000-05-06 Thread Louis A. Mamakos
> On Fri, 5 May 2000, Kris Kennaway wrote: > > # It's not clear that you installed the openssl.cnf file before making the > # cert - can you confirm? > > Yes I did. I put it in /etc/ssl as you suggested. Just curious, but is there any documentation installed that describes what the contents of

Re: RSA decrypt problems

2000-05-05 Thread Steve Price
On Fri, 5 May 2000, Kris Kennaway wrote: # It's not clear that you installed the openssl.cnf file before making the # cert - can you confirm? Yes I did. I put it in /etc/ssl as you suggested. -steve

Re: RSA decrypt problems

2000-05-05 Thread Kris Kennaway
On Fri, 5 May 2000, Steve Price wrote: > It didn't help here. I rebuilt the port and re-installed from > a clean WRKDIR and I get the same error message. If I do a > 'make certificate', copy those files over, and try to start > apache it just hangs definitely until I ^C it. After I kill > it I

Re: RSA decrypt problems

2000-05-05 Thread Steve Price
On Fri, 5 May 2000, Kris Kennaway wrote: # How long ago was the previous port built? From the best I can remember it was sometime early to middle of March. # Do you still have the openssl # port installed, if it was built against that? Nope. -steve

Re: RSA decrypt problems

2000-05-05 Thread Steve Price
On Fri, 5 May 2000, Kris Kennaway wrote: # I'm suspecting it might be something missing in the ASN.1 encoding of the # certificate, which netscape requires but IE permits. This would be # consistent with a missing openssl.cnf file at the time of certificate # generation. Could one of you try copy

Re: RSA decrypt problems

2000-05-05 Thread Kris Kennaway
On Fri, 5 May 2000, Forrest Aldrich wrote: > Okay, I just did, using MS Explorer 5 and it worked with no problems. > So, this is related to Netscape-4.72. But is it a bug on their part, > or something else? I'm suspecting it might be something missing in the ASN.1 encoding of the certificate, w

Re: RSA decrypt problems

2000-05-05 Thread Forrest Aldrich
Duh :) It didn't occur to me to try another browser: Okay, I just did, using MS Explorer 5 and it worked with no problems. So, this is related to Netscape-4.72. But is it a bug on their part, or something else? Forrest On Fri, May 05, 2000 at 10:49:04PM -0500, Steve Price wrote: > On Fri, 5

Re: RSA decrypt problems

2000-05-05 Thread Kris Kennaway
On Fri, 5 May 2000, Steve Price wrote: > Nope. I generated the key with 'make certificate' on the > apache13-php4 port. Here's what openssl says about the key. > > % openssl rsa -noout -text -in server.key | grep bit > Private-Key: (1024 bit) > % It sounds like something is broken with the c

Re: RSA decrypt problems

2000-05-05 Thread Steve Price
On Fri, 5 May 2000, Forrest Aldrich wrote: # FWIW, I've had a weird (perhaps related) problem, only in the # reverse. After creating a certificate (ie: 'make certificate' in # apache), I was unable to connect to the server from a Netscape # 4.72 browser. It only told me there was a decryption

Re: RSA decrypt problems

2000-05-05 Thread Steve Price
On Fri, 5 May 2000, Kris Kennaway wrote: # #define RSAREF_F_RSAREF_BN2BIN 101 # #define RSAREF_R_LEN 0x0406 # # RSARef can't handle keys > 1024 bits long. This is a design limitation # which the license forbids us from fixing. # # Do

Re: RSA decrypt problems

2000-05-05 Thread Kris Kennaway
On Fri, 5 May 2000, Forrest Aldrich wrote: > I understand, from private correspondence, that OpenSSH will have > SSH2 protocol support, thus allowing people to not use RSA. Can > someone confirm as it applies to use on FreeBSD. It's being developed in the current version of OpenSSH. I'll proba

Re: RSA decrypt problems

2000-05-05 Thread Forrest Aldrich
I understand, from private correspondence, that OpenSSH will have SSH2 protocol support, thus allowing people to not use RSA. Can someone confirm as it applies to use on FreeBSD. I personally find the RSARef licensing to be a sham, in the light of everything else on the internet, and would rathe

Re: RSA decrypt problems

2000-05-05 Thread Forrest Aldrich
FWIW, I've had a weird (perhaps related) problem, only in the reverse. After creating a certificate (ie: 'make certificate' in apache), I was unable to connect to the server from a Netscape 4.72 browser. It only told me there was a decryption error in the apache logs. ? On Fri, May 05, 2000

Re: RSA decrypt problems

2000-05-05 Thread Kris Kennaway
On Fri, 5 May 2000, Steve Price wrote: > [Fri May 5 20:46:19 2000] [error] OpenSSL: error:1E06D401:RSAref > routines:func(109) :reason(1025) You can interpret these error codes by looking up the defines in - for example, these two are: #define RSAREF_F_RSA_REF_PRIVATE_DECRYPT 1

RSA decrypt problems

2000-05-05 Thread Steve Price
Is anyone else noticing the following problems on their -current boxen? I first noticed when my apache webserver quit allowing secure connections with errors like this. [Fri May 5 20:46:19 2000] [error] mod_ssl: SSL handshake failed (server new.host.name:443, client 127.0.0.1) (OpenSSL library