DeveloperSide.NET Forums
Author Topic: Problem with ssl key creation  (Read 34834 times)
calculated_risk
« on: March 23, 2004, 03:03:58 AM »

Thanks to the creator/s of devside for the very helpful site! Sorry about the duplicate post (I didn't state the problem I'm having).

I have been following the explicit instructions for setting up webservers.

I have hit a snag. Already installed and compiled zlib, ssl, and apache.
Using FedoraCore1

My question is about the ssl keys setup: Not real sure of what to do in certain strings.
Do I just enter the strings in bold or are the instructions under each string for modification or information?

* ...]# mkdir /usr/local/apache2/conf/ssl.crt
* ...]# mkdir /usr/local/apache2/conf/ssl.key
* Create a certificate signing request (server.csr) and private key (privkey.pem).
o ...]# openssl req -new -out server.csr
* Remove pass-phrase from private key (privkey.pem), creating server.key
o ...]# openssl rsa -in privkey.pem -out server.key
* Create a self-signed certificate, server.crt (public key).
o ...]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
* ...]# del .rnd
* [.rnd contains entropy information, could be used to re-create keys]
* ...]# del privkey.pem
* ...]# del server.csr
* [keep server.csr if you plan on self-signing any more keys and you want the authority to match up exactly]
* ...]# mv server.crt /usr/local/apache2/conf/ssl.crt
* ...]# mv server.key /usr/local/apache2/conf/ssl.key

Here is the output in terminal:

[root@server /]# mkdir /usr/local/apache2/conf/ssl.crt
[root@server /]# mkdir /usr/local/apache2/conf/ssl.key
[root@server /]# openssl req -new -out server.csr
Unable to load config info
Generating a 512 bit RSA private key
..++++++++++++
....++++++++++++
writing new private key to stdout
Enter PEM pass phrase: Here I entered a password. Is this correct?
Verifying - Enter PEM pass phrase: I re-entered same password here.
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,15DA650140A1DE8B

-----END RSA PRIVATE KEY-----
-----
unable to find 'distinguished_name' in config
problems making Certificate Request
13846:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:325:
[root@server /]# openssl rsa -in privkey.pem -out server.key
Error opening Private Key privkey.pem
13847:error:02001002:system library:fopen:No such file or directory:bss_file.c:276:fopen('privkey.pem','r')
13847:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:
unable to load Private Key
[root@server /]#

I followed the ssl instructions to the T. I have gone to great lengths to get this right and don't want to mess things up with a bad configuration. I'm just not sure as to how to resolve this. Thanks for any responses.
Logged
admin
« Reply #1 on: March 23, 2004, 04:39:36 AM »

Quote

Do I just enter the strings in bold or are the instructions under each string for modification or information?


Enter the "bold" code, the text "underneath" is pointing out what this code will do.  Sometimes, a clue is also left.

Quote

Unable to load config info
...
error
...


When building OpenSSL, you might have left something out, like a step or missing the path before the command...  That is the most likely explanation for all the errors.

Did you ldconfig OpenSSL, edit the PATHS, re-login, etc... ?

What is the output of...
/]# openssl version
/]# which openssl
while under the "/" (top) dir ?
Logged

DeveloperSide.NET
Advanced PHP and MySQL Solutions for your Web Design and Development needs with Web.Developer Server Suite.
Anonymous
Guest
« Reply #2 on: March 23, 2004, 05:01:33 AM »

Quote
Did you ldconfig OpenSSL, edit the PATHS, re-login, etc... ?

What is the output of...
/]# openssl version
/]# which openssl
while under the "/" (top) dir ?


I did ldconfig per instructions

.bash_profile  >># .bash_profile


if [ -f ~/.bashrc ]; then
   . ~/.bashrc
fi



PATH=$PATH:$HOME/bin
BASH_ENV=$HOME/.bashrc
USERNAME="root"
PATH=/usr/local/ssl/bin:$PATH
export USERNAME BASH_ENV PATH

[root@server /]# openssl version
OpenSSL 0.9.7d 17 Mar 2004

[root@server /]# which openssl
/usr/local/ssl/bin/openssl
[root@server /]# BINGO

while under the "/" (top) dir ?  bin ( I think this is what you are talking about. Under root the top directory?

I think that the location in openssl is the problem. Thanks for the speedy response!
Logged
Anonymous
Guest
« Reply #3 on: March 23, 2004, 05:03:55 AM »

What exactly does the command "which openssl" represent?
Is that the location that should go into .bash_profile?
Logged
admin
« Reply #4 on: March 23, 2004, 05:30:01 AM »

No, it tells you the location of the openssl executable it would use, given your present position under the directory hierarchy and the PATH variable.

Example: you could have had a native OpenSSL package already installed and first under the PATH.

By the way, you could always do a "man which" or "man any-other-command" to get a better understanding of what that command does.

Your path BTW, looks fine. So we are at a missing/bad step.
Logged

Jorge
« Reply #5 on: March 23, 2004, 03:34:44 PM »

I had the same error on Windows.
Quote

Here is the output in terminal:

[root@server /]# mkdir /usr/local/apache2/conf/ssl.crt
[root@server /]# mkdir /usr/local/apache2/conf/ssl.key
[root@server /]# openssl req -new -out server.csr
Unable to load config info

openssl can't find its config file; you can supply the correct location with the
OPENSSL_CONF directive.
Logged
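
Added example, not part of any post in this thread: a POSIX shell check for the failure shown above, where `openssl req` prints "Unable to load config info" and then "unable to find 'distinguished_name' in config". It resolves which config file would be read (`OPENSSL_CONF` if set, otherwise `openssl.cnf` under the directory reported by `openssl version -d`) and verifies that its `[req]` section names a `distinguished_name` section that is actually defined; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): diagnose "Unable to load config info".

# Print the config file openssl will read: $OPENSSL_CONF if set, otherwise
# openssl.cnf under the OPENSSLDIR compiled into the binary found on PATH.
resolve_openssl_conf() {
    if [ -n "${OPENSSL_CONF:-}" ]; then
        printf '%s\n' "$OPENSSL_CONF"
        return 0
    fi
    # `openssl version -d` prints a line like: OPENSSLDIR: "/usr/local/ssl"
    dir=$(openssl version -d 2>/dev/null |
          sed -n 's/^OPENSSLDIR: *"\(.*\)"$/\1/p')
    [ -n "$dir" ] || return 1
    printf '%s/openssl.cnf\n' "$dir"
}

# conf_get FILE SECTION KEY: print KEY's value from [SECTION], comments stripped.
conf_get() {
    awk -v sec="$2" -v key="$3" '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^\[.*\]$/ { cur = $0; gsub(/^\[[ \t]*|[ \t]*\]$/, "", cur); next }
        cur == sec {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# check_req_config FILE: return 0 if FILE can drive `openssl req`,
# otherwise print the reason and return 1.
check_req_config() {
    conf=$1
    [ -r "$conf" ] || { echo "missing or unreadable: $conf"; return 1; }
    dn=$(conf_get "$conf" req distinguished_name)
    [ -n "$dn" ] || { echo "no distinguished_name in [req]: $conf"; return 1; }
    grep -Eq "^[[:space:]]*\[[[:space:]]*$dn[[:space:]]*\]" "$conf" ||
        { echo "[req] points at [$dn], which is not defined: $conf"; return 1; }
    echo "ok: $conf"
}

# Usage (not executed here): pass the checked file and a key path explicitly.
#   conf=$(resolve_openssl_conf) && check_req_config "$conf" &&
#       openssl req -new -config "$conf" -keyout privkey.pem -out server.csr
```

Passing `-keyout` explicitly writes the private key to a file instead of the terminal, which is where it ended up in the output quoted above.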

calculated_risk
« Reply #6 on: March 24, 2004, 04:11:11 AM »

I'm still having probs with the key generation process

[root@server /]# openssl req -new -out server.csr
Unable to load config info
Generating a 512 bit RSA private key
........++++++++++++
...++++++++++++
writing new private key to stdout
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,35E2509B36BBBE35
 
-----END RSA PRIVATE KEY-----
-----
unable to find 'distinguished_name' in config
problems making Certificate Request
2714:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:325:
[root@server /]# openssl rsa -in privkey.pem -out server.key
Error opening Private Key privkey.pem
2718:error:02001002:system library:fopen:No such file or directory:bss_file.c:276:fopen('privkey.pem','r')
2718:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:
unable to load Private Key

I completely re-ran the setup for ssl exactly as listed. Rebooted computer and checked version (correct). On make test everything showed ok. I edited the httpd conf file as per the instructions for Apache with SSL, PHP and zlib. I compared the recommended conf file and my conf file and edited mine by adding the IfModule> at the bottom where "Bring in additional module-specific configurations" is located. Also edited ssl conf to reflect the correct document root.

Any ideas what I'm doing wrong?

unable to find 'distinguished_name' in config ???

Excerpt from ssl.conf

DocumentRoot "/usr/local/webroot"
ServerName www.example.com:443 Would this be something like www.server.localhost.com ??

ServerAdmin you@example.com
ErrorLog /usr/local/apache2/logs/error_log
TransferLog /usr/local/apache2/logs/access_log


[root@server /]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
server.csr: No such file or directory
[root@server /]# del .rnd
bash: del: command not found
[root@server /]# del privkey.pem
bash: del: command not found
[root@server /]# del server.csr
bash: del: command not found
[root@server /]#
Logged
calculated_risk
« Reply #7 on: March 24, 2004, 04:21:36 AM »

I guess that I need to study up some about the OPENSSL_CONF directive

[root@server bin]# ./apachectl startssl
Syntax error on line 239 of /usr/local/apache2/conf/httpd.conf:
Cannot load /usr/local/apache2/modules/mod_deflate.so into server: /usr/local/apache2/modules/mod_deflate.so: undefined symbol: deflate
Logged