Mailinglist Archive: opensuse (3506 mails)

< Previous Next >
[opensuse] openssl verify fails for new key
  • From: "Michael Patschull" <mito73@xxxxxxx>
  • Date: Fri, 22 Sep 2006 00:56:00 +0200
  • Message-id: <20060921225600.46570@xxxxxxx>
Hello out there,

I already googled for a solution to the following problem, but
did not get an idea how to solve it (well, to be honest it's my
first time getting in the topic of ssl..)

I'am using OpenSuSE 10.1

I generated a ssl-crtificate like explained in the smbldap-howto
from www.idealx.com:

base directory: /etc/openldap

The following commands habe been executed:

01) mkdir certs csr data keys private data/ca.db.certs
02) ln -s data datas
03) touch private/ca.key data/ca.db.serial
04) cp /dev/null data/ca.db.index
05) openssl rand 1024 > data/random-bits
06) openssl genrsa -des3 -out private/ca.key 1024 -rand data/random-bits
07) chmod 600 private/ca.key
08) openssl req -new -x509 -days 3650 -key private/ca.key -out certs/ca.pem
09) echo ’01’ > data/ca.db.serial
10) openssl genrsa -out keys/ldap.pdnet.net.key 1024
11) openssl req -new -key keys/ldap.pdnet.net.key -out csr/ldap.pdnet.net.csr
12) openssl ca -config ca.conf -out certs/ldap.pdnet.net.txt -infiles csr/ldap.pdnet.net.csr
13) perl -n -e ’m/BEGIN CERTIFICATE/ && do {$$seen=1}; $$seen && print;’ < certs/ldap.pdnet.net.txt > ldap.pdnet.net.pem

This works fine. But when I verify the new certifiv´cate with the command
14) openssl verify -CAfile certs/ca.pem certs/ldap.pdnet.net.pem

I get the following out message:
certs/ldap.pdnet.net.pem: /C=DE/ST=Baden-Wuerttemberg/L=Stuttgart/O=Patschull-Design/OU=IT-Service/CN=Michael Patschull/emailAddress=michael@xxxxxxxxxxxx
error 18 at 0 depth lookup:self signed certificate
/C=DE/ST=Baden-Wuerttemberg/L=Stuttgart/O=Patschull-Design/OU=IT-Service/CN=Michael Patschull/emailAddress=michael@xxxxxxxxxxxx
error 7 at 0 depth lookup:certificate signature failure
10099:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
10099:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:632:
10099:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:168:

Would be really great if someone had some hints for me how to solve this.

Thanks for your help,

Michael

--
NEU: GMX DSL Sofort-Start-Set - blitzschnell ins Internet!
Echte DSL-Flatrate ab 0,- Euro* http://www.gmx.net/de/go/dsl
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages