Date:      Sun, 22 Jul 2012 08:38:18 +0200
From:      Matthias Apitz <guru@unixarea.de>
To:        Chuck Swiger <cswiger@mac.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: setting up an openssl client/server
Message-ID:  <20120722063818.GA2445@tinyCurrent>
In-Reply-To: <E2209559-2902-48F4-93C1-224CDA680041@mac.com>
References:  <20120721155922.GA4774@tinyCurrent> <E2209559-2902-48F4-93C1-224CDA680041@mac.com>

On Saturday, July 21, 2012 at 11:46:52AM -0700, Chuck Swiger wrote:

> On Jul 21, 2012, at 8:59 AM, Matthias Apitz wrote:
> > Then I copy over the files client.pem and server.pem to the example
> > software:
> > 
> > $ cp server.pem client.pem openssl-examples-20020110
> 
> You also need to copy server.key and client.key.

Thanks for your hints.

After the procedure described in my first mail, I have the
following files in that dir:

$ ls -ltr *.*
-rw-r--r--  1 guru  wheel     963 21 jul 17:31 privkey.pem
-rw-r--r--  1 guru  wheel     993 21 jul 17:31 ca.pem
-rw-r--r--  1 guru  wheel     887 21 jul 17:32 server.key
-rw-r--r--  1 guru  wheel     603 21 jul 17:33 server.req
-rw-r--r--  1 guru  wheel     887 21 jul 17:35 client.key
-rw-r--r--  1 guru  wheel     603 21 jul 17:36 client.req
-rw-r--r--  1 guru  wheel     745 21 jul 17:36 client.pem
-rw-r--r--  1 guru  wheel     745 21 jul 18:08 server.pem
-rw-r--r--  1 guru  wheel       3 21 jul 18:08 file.srl

I followed your hint and copied as well server.key and client.key:

$ cp server.key client.key openssl-examples-20020110

and put the server.key into the PEM file:

$ cat server.key server.pem > openssl-examples-20020110/server.pem

the example server expects the file in the current dir, I go to it:

$ cd openssl-examples-20020110

but now it is missing the CA file:

$ ./wserver
Can't read CA list
2478:error:02001002:system library:fopen:No such file or
directory:/usr/home/guru/myThings/FreeBSD/9-CURRENT/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:126:fopen('root.pem','r')
2478:error:2006D080:BIO routines:BIO_new_file:no such
file:/usr/home/guru/myThings/FreeBSD/9-CURRENT/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:129:
2478:error:0B084002:x509 certificate
routines:X509_load_cert_crl_file:system
lib:/usr/home/guru/myThings/FreeBSD/9-CURRENT/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/x509/by_file.c:274:

as a guess I copied the CA file as:

$ cp ../ca.pem root.pem

with the result:

$ ./wserver
Couldn't open DH file
2483:error:02001002:system library:fopen:No such file or
directory:/usr/home/guru/myThings/FreeBSD/9-CURRENT/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:126:fopen('dh1024.pem','r')
2483:error:2006D080:BIO routines:BIO_new_file:no such
file:/usr/home/guru/myThings/FreeBSD/9-CURRENT/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:129:

but I have no file dh1024.pem :-(

What is missing, on the pages of www.openssl.org and www.freebsd.org
as well, is a complete step-by-step guide to making certificates and
keys for SSL in a simple client/server communication, or at least I
can't see one.

Thanks

	matthias

-- 
Matthias Apitz
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e <guru@unixarea.de> - w http://www.unixarea.de/
UNIX since V7 on PDP-11 | UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2 | FreeBSD since 2.2.5
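
Added example, not part of the original message or of the openssl-examples code: a shell preflight that checks the three files named in the message and its error output (server.pem, root.pem, dh1024.pem) for the PEM block types the example server is assumed to need. The function names and the required-block list are assumptions, and the sample PEM bodies are constructed placeholders.

```shell
#!/bin/sh
# Added example: preflight for the PEM files the example server opens.
# File names are taken from the message; the PEM bodies below are constructed.

# pem_labels FILE: print the label of each "-----BEGIN <label>-----" line.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# need DIR FILE PATTERN...: report a missing file once, else each absent block.
need() {
    n_dir=$1 n_file=$2 n_bad=0
    shift 2
    if [ ! -r "$n_dir/$n_file" ]; then
        echo "$n_file: missing"
        return 1
    fi
    for n_pat in "$@"; do
        if ! pem_labels "$n_dir/$n_file" | grep -Eq "^($n_pat)\$"; then
            echo "$n_file: no block matching '$n_pat'"
            n_bad=1
        fi
    done
    return "$n_bad"
}

# preflight DIR: succeed only if every file has the blocks assumed to be needed.
preflight() {
    p_rc=0
    need "$1" server.pem '(RSA |EC |ENCRYPTED )?PRIVATE KEY' CERTIFICATE || p_rc=1
    need "$1" root.pem CERTIFICATE || p_rc=1
    need "$1" dh1024.pem 'DH PARAMETERS' || p_rc=1
    return "$p_rc"
}

# pem LABEL: emit a constructed placeholder block (not a real key or certificate).
pem() {
    printf '%s\n' "-----BEGIN $1-----" "Q09OU1RSVUNURUQ=" "-----END $1-----"
}

# make_sample DIR: the state reached in the message, i.e. key+cert, CA, no DH file.
make_sample() {
    { pem 'RSA PRIVATE KEY'; pem CERTIFICATE; } > "$1/server.pem"
    pem CERTIFICATE > "$1/root.pem"
}

demo=$(mktemp -d)
make_sample "$demo"
preflight "$demo" || echo "fix the files listed above before starting wserver"
rm -rf "$demo"
```

A DH parameter file can be generated with `openssl dhparam -out dh1024.pem 1024`; the 1024-bit size only matches the file name the example server opens and is too small for production use.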


