
[iaik-ssl] using iSaSiLk 2.5 with keys generated with openssl



Hello,

I'm trying to get an SSL-Server running with a test-certificate
being issued by VeriSign.

I generated an RSA-Key with openssl:

openssl genrsa -rand /dev/urandom -out key.pem 1024

I generated a CSR:

kimmerin@polly:> openssl req -new -key key.pem -out key.csr
Using configuration from /usr/ssl/openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Bavaria
Locality Name (eg, city) []:Munich
Organization Name (eg, company) [Internet Widgits Pty Ltd]:only chaos
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:Kimmeringer
Email Address []:kimmerin@online.de

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:notyourbusiness
An optional company name []:

... and tried to use this as certificate for the ssl-server.
(copied the key and the certificate together to the file
certs/serverRSA1024.pem)
I took the sources provided with the manual of the package,
here's the snippet for loading the RSA-Key:

    try
    {
        KeyAndCertificate keyandcertificate = new KeyAndCertificate("certs/serverRSA1024.pem");
        EncryptedPrivateKeyInfo encryptedprivatekeyinfo = (EncryptedPrivateKeyInfo)keyandcertificate.getPrivateKey();
        encryptedprivatekeyinfo.decrypt("notyourbusiness");
        sslservercontext.setRSACertificate(keyandcertificate.getCertificateChain(), (RSAPrivateKey)encryptedprivatekeyinfo.getPrivateKeyInfo());
    }
    catch(Exception ex)
    {
        ex.printStackTrace();
        hs.sendMessage(errorLogger, "Unable to set RSA server certificate: " + ex.getMessage());
        hs.sendMessage(errorLogger, "RSA cipher-suites can not be used.");
    }

This leads to an exception:

sslListener: add Provider IAIK Security Provider v2.5100000000000002...
java.io.IOException: Unable to decode private key: java.security.InvalidKeyException: Can't parse PublicKeyInfo.
              at iaik.utils.KeyAndCertificate.<init>(Unknown Source)
              at iaik.utils.KeyAndCertificate.<init>(Unknown Source)
              at htmlServer.SSLSocketListener.run(SSLSocketListener.java:125)

So am I wrong? Is something missing? The manual doesn't tell very much
about key- and certificate-creation.


Any help is welcome

Thanks, Lothar
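
An added diagnostic example (not part of the original post, and not iSaSiLk code): it reports which structure each PEM block in a file such as certs/serverRSA1024.pem really holds, which is what the cast to EncryptedPrivateKeyInfo in the snippet above depends on. The sample blocks are constructed toy DER, not real keys, and the classification is a heuristic that assumes RSA keys, certificates or CSRs.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)-----END \1-----", re.S)
KINDS = {  # tags of the first two elements inside the outer SEQUENCE
    (0x02, 0x02): "PKCS#1 RSAPrivateKey (unencrypted)",
    (0x02, 0x30): "PKCS#8 PrivateKeyInfo (unencrypted)",
    (0x30, 0x04): "PKCS#8 EncryptedPrivateKeyInfo",
    (0x30, 0x03): "SubjectPublicKeyInfo",
    (0x30, 0x30): "signed structure (certificate or CSR)",
}

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long form: low 7 bits count the length bytes that follow
        k = n & 0x7F
        pos, n = pos + k, int.from_bytes(buf[pos:pos + k], "big")
    return tag, pos, pos + n

def classify_der(der_bytes):
    """Heuristic guess from the first two element tags of the outer SEQUENCE."""
    tag, start, _ = tlv(der_bytes, 0)
    if tag != 0x30:
        return "unknown"
    t1, _, e1 = tlv(der_bytes, start)
    return KINDS.get((t1, tlv(der_bytes, e1)[0]), "unknown")

def inspect_pem(text):
    """Return (PEM label, detected structure) for each armored block in text."""
    return [(label, "legacy PEM encryption (Proc-Type header)" if "Proc-Type:" in body
             else classify_der(base64.b64decode("".join(body.split()))))
            for label, body in PEM_RE.findall(text)]

def der(tag, content):  # short-form DER encoder, enough for the samples
    return bytes([tag, len(content)]) + content
def pem(label, data):
    return f"-----BEGIN {label}-----\n{base64.b64encode(data).decode()}\n-----END {label}-----\n"

# Constructed toy structures, not real keys: only the outer layout matters.
ALG = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b""))
PKCS1 = der(0x30, der(0x02, b"\x00") + der(0x02, b"\x00\xc3") + der(0x02, b"\x03"))
PKCS8 = der(0x30, der(0x02, b"\x00") + ALG + der(0x04, PKCS1))
ENCRYPTED = der(0x30, ALG + der(0x04, bytes(16)))
SAMPLE = pem("RSA PRIVATE KEY", PKCS1) + pem("PRIVATE KEY", PKCS8) + pem("ENCRYPTED PRIVATE KEY", ENCRYPTED)

if __name__ == "__main__":
    print(*inspect_pem(SAMPLE), sep="\n")
```

`openssl genrsa` without a cipher option writes the key unencrypted, and the CSR challenge password is an attribute of the request, not a passphrase on key.pem.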