[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

Certificates (again)

Fabien Wernli wernli@in2p3.fr
Fri, 10 Nov 2006 06:27:19 -0800 (PST)


Can anyone give a simple example on how to use certificates please?
Basically what I did is:

1) run make inside of /usr/share/ssl/certs
   after adding the root certificate
2) run conserver with the following command line element:
   -c /opt/conserver/certs/conserver.pem
3) conserver starts fine, but I am unable to connect without using
   my certificate, which should be ok:
|   $ console -vx
|   console: interface address (lo)
|   console: interface address w.x.y.z (eth1)
|   console: SSLVerifyCallback(): error with certificate at depth: 0
|   console: SSLVerifyCallback():  issuer  = /C=FR/O=WXYZ/CN=ABCD
|   console: SSLVerifyCallback():  subject = /C=FR/O=WXYZ/OU=USR6402/CN=conserver.my.domain/emailAddress=email@my.domain
|   console: SSLVerifyCallback():  error #20: unable to get local issuer certificate
|   console: SSL negotiation failed
|   21520:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
|   verify failed:s3_clnt.c:843:

3) using a certificate, it doesn't work either:
|   $ console -vxc /var/tmp/my-user-cert.crt
|   console: interface address (lo)
|   console: interface address w.x.y.z (eth1)
|   Enter PEM pass phrase:
|   console: Could not SSL private key from '/var/tmp/my-user-cert.crt'

It may just be a trivial "wrong format" issue of my x509 certificate, but as
the documentation on these issues is quite lacking I am posting to the list.

What's unclear to me for instance is how do you handle permissions? Where
does one define whose cert can have access, and whose can't?

Thanks for help