SSL Signed certificate
Dmitry Sergienko
dmitry at trifle.net
Wed Apr 30 02:37:24 EDT 2003
Christian Schulte wrote:
>> Cyrus 2.1.9 doesn't want to process it, complaining that it is unable to
>> load it: TLS engine: cannot load CA data.
>>
> Depends on your version of openssl! Do you have CA.sh -newreq-nodes? If
> yes, use that for the server certificates! Sendmail certificates will
> also require it. If you do not have it, you have to change the -newreq
> target in the CA.sh script to do the openssl call with an added option
> -nodes. Something like that:
>
> -newreq-nodes)
> # create a certificate request with un-encrypted key
> $REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS
> RET=$?
> echo "Request (and private key) is in newreq.pem"
> ;;
>
> Recent versions of openssl seem to contain -newreq-nodes already however.
I've already tried this trick. I just added -nodes to the openssl call on
-newreq. It generated a certificate for me. But this certificate doesn't
work either:
Apr 30 09:30:20 dolphin imaps[2826]: TLS server engine: cannot load CA data
Apr 30 09:30:20 dolphin imaps[2826]: unable to get private key from '/var/imap/server.pem'
Apr 30 09:30:20 dolphin /kernel: Apr 30 09:30:20 dolphin imaps[2826]: unable to get private key from '/var/imap/server.pem'
Apr 30 09:30:20 dolphin imaps[2826]: TLS server engine: cannot load cert/key data
Apr 30 09:30:20 dolphin /kernel: Apr 30 09:30:20 dolphin imaps[2826]: TLS server engine: cannot load cert/key data
Apr 30 09:30:20 dolphin imaps[2826]: error initializing TLS
Apr 30 09:30:20 dolphin /kernel: Apr 30 09:30:20 dolphin imaps[2826]: error initializing TLS
Apr 30 09:30:20 dolphin imaps[2826]: Fatal error: tls_init() failed
This is the certificate (all names are not real):
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=dolphin.trifle.net
Validity
Not Before: Apr 30 06:24:22 2003 GMT
Not After : Apr 29 06:24:22 2004 GMT
Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=dolphin.trifle.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c9:36:b5:f3:69:41:73:32:de:e2:b5:9f:a8:50:
21:9d:11:88:95:43:3e:cf:fd:a4:ea:07:ad:16:4d:
2a:12:4e:65:c9:2d:33:d9:f7:f4:f7:e9:dc:eb:a3:
5f:e4:27:23:2d:44:1e:b4:31:51:e9:3d:30:3c:88:
a5:32:c9:23:2c:83:0f:1c:ff:4e:14:f3:26:24:d0:
59:bd:e0:35:3d:d3:36:d3:be:29:a4:63:8d:1a:65:
f7:d0:cc:51:85:86:cd:ab:c0:e9:4c:0c:70:2a:75:
82:2a:98:3f:6e:46:fa:ad:98:f2:2c:18:8f:5c:82:
f5:63:73:73:b3:8a:6c:94:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
66:0B:D8:88:7B:A8:78:25:A7:8A:D7:E3:72:07:D2:35:EB:86:4B:4C
X509v3 Authority Key Identifier:
keyid:D4:05:58:64:EE:61:C9:75:76:C8:38:0C:5E:88:D7:25:32:76:95:21
DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=dolphin.trifle.net
serial:00
Signature Algorithm: md5WithRSAEncryption
56:2d:36:ac:b5:91:7c:ec:1a:8a:70:12:59:8a:32:e5:7d:72:
d6:32:d9:7d:6e:12:75:0e:2d:9d:34:9d:67:bd:64:c4:51:f7:
52:30:6a:c7:27:df:83:ba:45:ce:b5:4a:51:d6:ab:e5:a6:fa:
51:fa:33:b9:4a:88:7a:a7:65:c3:ab:33:5c:3e:3c:f8:66:c4:
e2:71:6b:71:b7:1a:9f:54:cf:9c:ab:82:e8:2e:7e:11:50:95:
2f:a8:fd:bf:e6:78:f6:9a:15:5d:e1:00:e0:a8:3f:b9:54:20:
06:df:5a:af:07:64:08:35:21:73:b0:67:5e:48:5d:b9:bc:cd:
40:00
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
And it looks like this certificate indeed doesn't contain a private key.
What am I doing wrong?
--
Best wishes,
Dmitry Sergienko
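
The log in the message above stops at "unable to get private key from '/var/imap/server.pem'". As an added example (not part of the original message; the function name and return codes are this example's own assumptions), a shell check that inventories the PEM blocks in such a file and says whether it holds both a certificate and an unencrypted private key:

```shell
#!/bin/sh
# Added example: report whether a PEM file (e.g. the server.pem named in the
# log above) holds what a TLS server must load: a certificate plus a private
# key that is not passphrase-protected.
# Return codes are this example's own convention:
#   0 ok, 1 no private key, 2 key encrypted, 3 no certificate, 4 unreadable

check_server_pem() {
    pem=$1
    [ -r "$pem" ] || { echo "$pem: cannot read file"; return 4; }

    # Count PEM armor lines; "|| true" because grep -c exits 1 on a zero count.
    certs=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$pem" || true)
    # Matches PRIVATE KEY, RSA/DSA/EC PRIVATE KEY and ENCRYPTED PRIVATE KEY.
    keys=$(grep -c -E -e '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$pem" || true)
    # PKCS#8 encrypted armor, or the header of a traditional encrypted key.
    enc=$(grep -c -E -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$pem" || true)

    if [ "$keys" -eq 0 ]; then
        echo "$pem: $certs certificate(s), no private key block"
        return 1
    fi
    if [ "$enc" -gt 0 ]; then
        echo "$pem: private key is encrypted (passphrase required)"
        return 2
    fi
    if [ "$certs" -eq 0 ]; then
        echo "$pem: private key present, no certificate block"
        return 3
    fi
    echo "$pem: $certs certificate(s) and an unencrypted private key"
    return 0
}

# With a path argument, check that file; otherwise run on a constructed
# certificate-only sample (the body is placeholder text, not a real cert).
if [ $# -gt 0 ]; then
    check_server_pem "$1"
else
    sample=$(mktemp)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$sample"
    check_server_pem "$sample" || echo "return code: $?"
    rm -f "$sample"
fi
```

A file holding a key and a CERTIFICATE REQUEST block, like the newreq.pem written by the quoted CA.sh snippet, returns 3 because a request is not a certificate.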