
curl-users

Re: Private key problem

From: Goetz Babin-Ebell <babinebell_at_trustcenter.de>
Date: Thu, 05 Dec 2002 15:58:52 +0100

Andrey S. Goncherov wrote:
> Hello Goetz Babin-Ebell.
Hello Andrey,

>>>>> ./curl --key ./private.key --cacert ./ca_new.txt -v --cert
>>>>> ./www_site_com.crt https://secure.authorize.net/gateway/transact.dll

>>>>>* About to connect() to secure.authorize.net:443
>>>>>* Connected to secure.authorize.net (206.253.210.201) port 443
>>>>>* unable to set private key file
>>>>>* Closing connection #0
>>>>>curl: (58) unable to set private key file
>>>
>>>GBE> Is in www_site_com.crt your certificate ?
>>> yes - it's 100% correct certificate from comodo.net or .org
>>>GBE> the key in --key must match the cert in --cert ...
>>> as private key we put private key generated by
>>> openssl req -new -nodes -keyout myserver.key -out server.csr

> GBE> what gives
> GBE> openssl x509 -text -noout -in www_site_com.crt
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number:
> 18:29:85:cd:98:3a:d1:a2:d1:c5:fa:2c:e2:8b:c9:a5
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: C=GB, O=Comodo Limited, OU=Comodo Trust Network, OU=Terms and Conditions of use: http://www.comodo.net/repository, OU=(c)2002 Comodo Limited, CN=Comodo Class 3 Security Services CA
> Validity
> Not Before: Nov 7 00:00:00 2002 GMT
> Not After : Nov 7 23:59:59 2003 GMT
> Subject: C=US/2.5.4.17=16601, ST=PA, L=Altoona/2.5.4.9=Altoona/2.5.4.9=RD 5 Box 3764, O=Taoti, OU=Taoti Enterprises, Inc., OU=InstantSSL, CN=www.taoti.com
[...]

> GBE> And try
> GBE> openssl s_client -connect secure.authorize.net:443 \
> GBE> -key ./private.key -cert ./www_site_com.crt -debug
> unable to get private key from './private.key'
> 6720:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:279:

Here is the answer:
the key does not match the certificate...

> GBE> But why give you a client key/cert ?
> GBE> the site requires no client authentication....
> If I try to connect without defining certificates and key
> using

> openssl s_client -connect secure.authorize.net:443 -debug
>
> it show
>
> ...
> ---
> Certificate chain
> 0 s:/C=US/ST=Utah/L=Provo/O=AUTHORIZE.NET CORPORATION/OU=DEVELOPMENT/OU=Terms of use at www.verisign.com/RPA (c)01/CN=SECURE.AUTHORIZE.NET
> i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
> ---
[...]
> subject=/C=US/ST=Utah/L=Provo/O=AUTHORIZE.NET CORPORATION/OU=DEVELOPMENT/OU=Terms of use at www.verisign.com/RPA (c)01/CN=SECURE.AUTHORIZE.NET
> issuer=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
> ---
> No client certificate CA names sent

Here: the server sent no list of trusted CA certificates for
client authorisation:
no client authorisation possible...

[...]

> may be my private key is wrong? May be I generate not correct
> private.key? If so how to generate it correct?

try a

openssl req -new -newkey rsa:1024 -keyout mykey.pem -nodes -out myreq.pem

And now send the myreq.pem to your CA to get a new certificate.

Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126
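The two checks Goetz walks through above (does the key given to `--key` actually belong to the certificate given to `--cert`, and does the server even ask for a client certificate), plus the key/CSR generation he recommends at the end, as an added shell example that is not part of the original thread. It assumes `openssl` is on PATH, uses 2048-bit RSA instead of the 1024 bits in the mail, and self-signs the CSR only so the demo has a certificate to test against; in real use the CSR is sent to the CA as the mail says, and the file names and the `www.example.test` subject are made up for the demo.

```shell
#!/bin/sh
# Added example, not from the curl-users mail: reproduce the key/cert match
# test that OpenSSL's X509_check_private_key performs, and generate a key + CSR.
set -eu

# key_matches_cert KEYFILE CERTFILE
# Returns 0 when the public key derived from KEYFILE is byte-for-byte the
# public key embedded in CERTFILE, 1 otherwise (the "key values mismatch"
# case that makes curl say "unable to set private key file").
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout -outform PEM 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$cert_pub" ]
}

# new_key_and_csr KEYFILE CSRFILE COMMON_NAME
# The openssl req invocation from the mail, run non-interactively with -subj.
# -nodes leaves the key unencrypted, which is what curl --key expects by default.
new_key_and_csr() {
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1" -out "$2" -subj "/CN=$3" >/dev/null 2>&1
}

# server_requests_client_cert HOST PORT
# Returns 0 if the TLS server sends a CertificateRequest (s_client then prints
# "Acceptable client certificate CA names"), 1 if it prints
# "No client certificate CA names sent" as secure.authorize.net did in the mail.
# Needs network access, so it is not exercised by the demo below.
server_requests_client_cert() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        grep -q '^Acceptable client certificate CA names'
}

demo() {
    dir=$(mktemp -d)
    new_key_and_csr "$dir/a.key" "$dir/a.csr" www.example.test
    new_key_and_csr "$dir/b.key" "$dir/b.csr" www.example.test
    # Stand-in for the CA-issued certificate: self-sign a.csr with a.key.
    openssl x509 -req -in "$dir/a.csr" -signkey "$dir/a.key" -days 1 \
        -out "$dir/a.crt" >/dev/null 2>&1
    if key_matches_cert "$dir/a.key" "$dir/a.crt"; then
        echo "a.key matches a.crt: curl --key a.key --cert a.crt would load"
    fi
    if ! key_matches_cert "$dir/b.key" "$dir/a.crt"; then
        echo "b.key does not match a.crt: this is the mismatch from the mail"
    fi
    rm -rf "$dir"
}

if command -v openssl >/dev/null 2>&1; then
    demo
else
    echo "openssl not found on PATH; nothing to demonstrate" >&2
fi
```

Comparing the PEM-encoded SubjectPublicKeyInfo from both files is the same test OpenSSL applies internally: a certificate issued for a CSR made from key A can never be used with key B, which is exactly what the `X509_check_private_key:key values mismatch` line in the mail reports. Run the script as-is for the demo, or source it and call `key_matches_cert ./private.key ./www_site_com.crt` on your own files.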


Received on 2002-12-05