Certificates (again)

Fabien Wernli wernli@in2p3.fr
Fri, 10 Nov 2006 06:27:19 -0800 (PST)


Hi,

Can anyone give a simple example on how to use certificates please?
Basically what I did is:

1) run make inside of /usr/share/ssl/certs
   after adding the root certificate
2) run conserver with the following command line element:
   -c /opt/conserver/certs/conserver.pem
3) conserver starts fine, but I am unable to connect without using
   my certificate, which should be ok:
|   $ console -vx
|   console: interface address 127.0.0.1 (lo)
|   console: interface address w.x.y.z (eth1)
|   console: SSLVerifyCallback(): error with certificate at depth: 0
|   console: SSLVerifyCallback():  issuer  = /C=FR/O=WXYZ/CN=ABCD
|   console: SSLVerifyCallback():  subject = /C=FR/O=WXYZ/OU=USR6402/CN=conserver.my.domain/emailAddress=email@my.domain
|   console: SSLVerifyCallback():  error #20: unable to get local issuer certificate
|   console: SSL negotiation failed
|   21520:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:843:

4) using a certificate, it doesn't work either:
|   $ console -vxc /var/tmp/my-user-cert.crt
|   console: interface address 127.0.0.1 (lo)
|   console: interface address w.x.y.z (eth1)
|   Enter PEM pass phrase:
|   console: Could not SSL private key from '/var/tmp/my-user-cert.crt'

It may just be a trivial "wrong format" issue of my x509 certificate, but as
the documentation on these issues is quite lacking I am posting to the list.

What's unclear to me for instance is how do you handle permissions? Where
does one define whose cert can have access, and whose can't?

Thanks for help