Fwd: ssl database connection problems...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





Begin forwarded message:

From: Carol Walter <walterc@xxxxxxxxxxx>
Date: December 31, 2008 11:16:01 AM GMT-05:00
To: Ray Stell <stellr@xxxxxxxxxx>
Subject: Re: ssl database connection problems...

Sorry, I obviously am pretty clueless.

Thanks,
Carol

On Dec 31, 2008, at 10:09 AM, Ray Stell wrote:

On Wed, Dec 31, 2008 at 09:19:12AM -0500, Carol Walter wrote:
Here's the output from s_client & s_server commands...

# openssl s_client
connect: Connection refused
connect:errno=146

oh, I think you need to use some more flags.  Take a look at
this howto:  http://www.madboa.com/geek/openssl/

Here's the output from the s_client command...
walterc@iris:~$ openssl s_client -connect db.slis.indiana.edu:5433
CONNECTED(00000005)
9726:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:../../../../common/openssl/ssl/s23_lib.c:226:

On the web site you directed me to, the s_server command uses a file called 'mycert.pem'.  Do you know what the system expecting for this file?  I tried running it without having 'mycert.pem' created and got errors saying that it couldn't open the file, of course.  Anyway, here's the output I got from that command...

bash-3.00# openssl s_server -accept 443 -cert mycert.pem -WWW
Using default temp DH parameters
unable to get certificate from 'mycert.pem'
7408:error:02001002:system library:fopen:No such file or directory:/on10/build-nd/G10U2B2/usr/src/common/openssl/crypto/bio/bss_file.c:104:fopen('mycert.pem','r')
7408:error:2006D080:BIO routines:BIO_new_file:no such file:/on10/build-nd/G10U2B2/usr/src/common/openssl/crypto/bio/bss_file.c:107:
7408:error:02001002:system library:fopen:No such file or directory:/on10/build-nd/G10U2B2/usr/src/common/openssl/crypto/bio/bss_file.c:276:fopen('mycert.pem','r')
7408:error:20074002:BIO routines:FILE_CTRL:system lib:/on10/build-nd/G10U2B2/usr/src/common/openssl/crypto/bio/bss_file.c:278:
7408:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib:../../../../common/openssl/ssl/ssl_rsa.c:515:


I don't have a root.crt file.

# openssl  verify -CAfile ./root.crt testcert.pem

right, my file root.ca was self generated using openssl (I'm the CA).  It is
analogous to the CA chain you might buy from Thawte or some other trusted
authority.  It is the file that I used to sign my server crt file, testcrt.pem.
`
Yeah, you don't need it unless you want to auth a login with pg, but we
are not there yet.  You need to verify that openssl is not fubar first, right?


Best in 2009, everyone:  Carbon-free city under construction,   cool!

http://cosmos.bcst.yahoo.com/up/ynews;_ylt=AgPr9FSysEdu1cF5ydA9CPr737YB?ch=4226722&cl=11310260&lang=en



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux