Martin Müller - Rudolf Hausstein OHG wrote:
> Charles Duffy wrote:
>> Martin Müller - Rudolf Hausstein OHG wrote:
>>> Sun 02/05/06 04:10 PM: Cannot load certificate file
>>> /Users/martin/Library/openvpn/chefcsr.pem: error:0906D06C:PEM
>>> routines:PEM_read_bio:no start line: error:140AD009:SSL
>>> routines:SSL_CTX_use_certificate_file:PEM lib
>>
>> I notice the "csr" in the filename. Is this a certificate signing
>> request, rather than an actual certificate?
>
> I think you are right. I am very new to creating certificates. What
> must the certificate look like?

The certificate file itself typically has a "crt" in the name. It's
created from a CSR by a CA -- which is to say that a user with no access
to a CA can create their own CSR (at the same time as generating a
private key), which they then submit to the CA to have it signed into a
CRT. That use case is important, because centrally generating
certificates from scratch at the CA means you need to distribute the
user's key to them -- which means that administrative staff has access
to that key (and can fall under suspicion if it's stolen) and that you
need to have a trustworthy transmission mechanism in place (and isn't
*setting up* such a mechanism much of the point of a VPN)?

A certificate in the correct format for usage with OpenVPN will also
start off with a textual description, something like the following:

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 1 (0x1)
            Signature Algorithm: md5WithRSAEncryption
            Issuer: <your CA>
            Validity
                Not Before: <start-date>
                Not After : <end-date>
            Subject: <this certificate's subject>

...and so forth, and eventually it'll have a line that looks like

    -----BEGIN CERTIFICATE-----

...followed by the certificate contents, and

    -----END CERTIFICATE-----

...at the end.

A certificate signing request, by contrast, has

    -----BEGIN CERTIFICATE REQUEST-----

...at the beginning, followed by a blob of encoded data, and

    -----END CERTIFICATE REQUEST-----

...at the end.
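
The header check described in the message above, as an added example (not part of the original post or of OpenVPN): it reads the PEM boundary lines of a file and reports whether it holds a certificate or only a signing request. The sample payload and the name chef.crt are constructed placeholders, not real certificate data.

```python
import base64
import re

# PEM boundary lines: -----BEGIN <label>----- / -----END <label>-----
BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")
KINDS = {  # labels relevant to the thread -> what the block is
    "CERTIFICATE": "certificate",
    "CERTIFICATE REQUEST": "csr",
    "RSA PRIVATE KEY": "private-key",
    "PRIVATE KEY": "private-key",
}

def pem_blocks(text):
    """Return [(label, decoded_bytes)]; text outside BEGIN/END pairs is skipped."""
    blocks, label, body = [], None, []
    for line in (raw.strip() for raw in text.splitlines()):
        m = BOUNDARY.match(line)
        if m and m.group(1) == "BEGIN":
            label, body = m.group(2), []
        elif m and label is not None:
            if m.group(2) != label:
                raise ValueError(f"END {m.group(2)} closes BEGIN {label}")
            blocks.append((label, base64.b64decode("".join(body), validate=True)))
            label = None
        elif label is not None and line and ":" not in line:
            body.append(line)  # base64 payload; "Proc-Type:"-style headers skipped
    if label is not None:
        raise ValueError(f"BEGIN {label} has no END line")
    return blocks

def check_cert_file(text):
    """Report whether text is usable as the certificate file OpenVPN loads."""
    kinds = [KINDS.get(label, "other") for label, _ in pem_blocks(text)]
    if "certificate" in kinds:
        return "ok: contains a certificate"
    if "csr" in kinds:
        return "error: signing request only; the CA must sign it into a certificate"
    if "private-key" in kinds:
        return "error: private key, not a certificate"
    return "error: no PEM certificate block"

# Constructed samples: the payload is placeholder bytes, not real DER.
PAYLOAD = base64.b64encode(b"constructed placeholder, not real DER").decode()
SAMPLE_CSR = f"-----BEGIN CERTIFICATE REQUEST-----\n{PAYLOAD}\n-----END CERTIFICATE REQUEST-----\n"
SAMPLE_CRT = f"Certificate:\n    Data:\n-----BEGIN CERTIFICATE-----\n{PAYLOAD}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print("chefcsr.pem ->", check_cert_file(SAMPLE_CSR))
    print("chef.crt    ->", check_cert_file(SAMPLE_CRT))
```
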
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users