FW: [omniORB] ssl_echo example problem
Adila Botonjic
adila.botonjic at hermes.si
Thu Jul 20 09:47:00 BST 2006
Hi,
I discovered very soon after I wrote mail to the omniORB mailing list that
the password is not a file but the actual password itself, so I used my
actual password. Now the server is working but the client is still throwing out
Cought a CORBA:: SystemException: TRANSIENT
I'm generating keys and certificates in the way described below:
1. I created one directory into which I copied the demoCA directory
from etc/openssl/bin/PEM. The demoCA directory already contains
all necessary files (private/cakey.pem, cacert.pem, index.txt and
serial) for creating/generating new keys and certificates. I also
added C:\Openssl\bin to the system path.
2. I created a new private key and certificate request (one for the server
and one for the client) with the following command lines:
    openssl req -new -keyout serverreq.pem -out serverreq.pem -days 365
    openssl req -new -keyout clientreq.pem -out clientreq.pem -days 365
3. Then I signed the requests using the cacert.pem and committed the
certificate as servercert.pem and clientcert.pem:
    openssl ca -policy policy_anything -out servercert.pem -infiles serverreq.pem
    openssl ca -policy policy_anything -out clientcert.pem -infiles clientreq.pem
4. Then I copied the server's RSA private key from the serverreq.pem file and
the server's certificate from the servercert.pem file to a newly created file
(located in the output directory of an executable file) serverfile.pem
so I got this:
---BEGIN RSA PRIVATE KEY--
......jshaskjdksdfj.....
--END RSA PRIVATE KEY---
---BEGIN CERTIFICATE---
....9234rzweurio2349...
---END CERTIFICATE------
And then I used it in: sslContext::key_file = "servercert.pem";
I did the same for the client.
Instead of "root.pem" I used "cacert.pem" and for the password the
actual password :-).
-----Original Message-----
From: Duncan Grisby [mailto:duncan at grisby.org]
Sent: Friday, July 14, 2006 11:47 AM
To: Adila Botonjic
Cc: omniorb-list at omniorb-support.com
Subject: Re: [omniORB] ssl_echo example problem
On Wednesday 12 July, "Adila Botonjic" wrote:
> I have a problem with the ssl_echo example. It works perfectly fine if I
> use CA root.pem, key files server.pem and client.pem, but when I create
> my own CA and server, client key files, it doesn't work. I get an error:
>
> omniORB: sslContext.cc : error:06065064:digital envelope
> routines:EVP_DecryptFinal_ex:bad decrypt
How did you generate your keys? It's somewhat obscure, and it's very
easy to get it wrong.
> But if I put in comments the /*sslContext::key_file_password = "password";
> */ in both sides (server and client) then the server works, but the client
> throws out:
>
> Cought a CORBA:: SystemException: TRANSIENT
>
> So, is there some problem with the format for the password file? Or does
> anybody know how to solve this problem?
That value is not a password file, it's the actual password itself.
Maybe that's the problem?
Cheers,
Duncan.
--
-- Duncan Grisby --
-- duncan at grisby.org --
-- http://www.grisby.org --
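
A check for the combined key-plus-certificate file discussed in this thread, as an added example that is not part of the original messages or of omniORB. The function name check_pem_bundle, the KEY_PASS variable and the return codes are assumptions made for this example; it confirms that the private key decrypts with the given passphrase, that it belongs to the certificate, and that the certificate verifies against the CA file.

```shell
#!/bin/sh
# check_pem_bundle BUNDLE CAFILE PASSPHRASE  (hypothetical helper, not omniORB code)
# Return codes (chosen for this example):
#   0 bundle is usable          1 key or certificate block missing
#   2 key does not decrypt      3 key does not belong to the certificate
#   4 certificate does not verify against CAFILE    5 no temp directory
check_pem_bundle() {
    bundle=$1
    cafile=$2
    tmp=$(mktemp -d) || return 5
    # Split the bundle into its private key block and its certificate block.
    sed -n '/-----BEGIN .*PRIVATE KEY-----/,/-----END .*PRIVATE KEY-----/p' \
        "$bundle" > "$tmp/key.pem"
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
        "$bundle" > "$tmp/cert.pem"
    rc=0
    if [ ! -s "$tmp/key.pem" ] || [ ! -s "$tmp/cert.pem" ]; then
        echo "$bundle: private key or certificate block missing" >&2
        rc=1
    # The passphrase is passed through the environment so that it does not
    # appear in the process list. A wrong passphrase fails at this step.
    elif ! KEY_PASS="$3" openssl pkey -in "$tmp/key.pem" -passin env:KEY_PASS \
            -pubout -out "$tmp/key.pub" 2>/dev/null; then
        echo "$bundle: private key does not decrypt with this passphrase" >&2
        rc=2
    # The public key derived from the private key must equal the one in the
    # certificate, otherwise the two blocks come from different requests.
    elif ! openssl x509 -in "$tmp/cert.pem" -noout -pubkey > "$tmp/cert.pub" \
            2>/dev/null || ! cmp -s "$tmp/key.pub" "$tmp/cert.pub"; then
        echo "$bundle: private key does not match the certificate" >&2
        rc=3
    elif ! openssl verify -CAfile "$cafile" "$tmp/cert.pem" >/dev/null 2>&1; then
        echo "$bundle: certificate does not verify against $cafile" >&2
        rc=4
    fi
    rm -rf "$tmp"
    return $rc
}
```

Run it on the exact file name assigned to sslContext::key_file, for both the server and the client; a file that holds only a certificate returns 1.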