Openssl fails to use the generated X509 certificate and Private key files
up vote
-1
down vote
favorite
I am trying to use Openssl and I am running into issues trying to initialize the X509 certificate to use and the key file. Below is my code but apparently the calls to SSL_CTX_use_PrivateKey_file() and SSL_CTX_use_certificate_file() fail. Below is my code. The 2 files are generated using openssl and have names cert.pem and key.pem respectively.
Can anyone please help me out as to why I am failing those 2 calls ? The SSL context is created fine i.e no error there. I am using OpenSSL 1.0.2g.
There was another issue on stackoverflow that referred to something similar and the fix was to add a call to SSL_library_init(); which I did but that does not seem to make a difference.
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
const SSL_METHOD *method;
method = SSLv23_server_method();
ctx = SSL_CTX_new(method);
if (!ctx) {
syslog(LOG_INFO, "%s", "Could not generate SSL context!!");
err = -1;
}
SSL_CTX_set_ecdh_auto(ctx, 1);
char hname[NI_MAXHOST];
gethostname(hname, NI_MAXHOST);
key_path += "/" + std::string(hname) + "/";
const std::string crt = key_path + "cert.pem";
const std::string key = key_path + "key.pem";
const char *ccrt = crt.c_str();
const char *ckey = key.c_str();
/* Set the key and cert */
if (SSL_CTX_use_certificate_file(ctx, ccrt, SSL_FILETYPE_PEM) <= 0) {
syslog(LOG_INFO, "%s", "Could not use SSL certificate!!");
err = -1;
}
if (SSL_CTX_use_PrivateKey_file(ctx, ckey, SSL_FILETYPE_PEM) <= 0 ) {
syslog(LOG_INFO, "%s", "Could not use SSL Key!!");
err = -1;
}
Commands to generate the cert and key files
openssl genrsa -out key.pem 4096
openssl req -new -x509 -days 365 -key key.pem -out cert.pem
Turns out the absolute path to the cert.pem and key.pem files was wrong.
When I added the right path, the function calls seem to work.
ssl openssl ssl-certificate x509certificate
asked Nov 20 at 4:13
PeterJ
34
|
show 2 more comments
up vote
-1
down vote
favorite
I am trying to use Openssl and I am running into issues trying to initialize the X509 certificate to use and the key file. Below is my code but apparently the calls to SSL_CTX_use_PrivateKey_file() and SSL_CTX_use_certificate_file() fail. Below is my code. The 2 files are generated using openssl and have names cert.pem and key.pem respectively.
Can anyone please help me out as to why I am failing those 2 calls ? The SSL context is created fine i.e no error there. I am using OpenSSL 1.0.2g.
There was another issue on stackoverflow that referred to something similar and the fix was to add a call to SSL_library_init(); which I did but that does not seem to make a difference.
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
const SSL_METHOD *method;
method = SSLv23_server_method();
ctx = SSL_CTX_new(method);
if (!ctx) {
syslog(LOG_INFO, "%s", "Could not generate SSL context!!");
err = -1;
}
SSL_CTX_set_ecdh_auto(ctx, 1);
char hname[NI_MAXHOST];
gethostname(hname, NI_MAXHOST);
key_path += "/" + std::string(hname) + "/";
const std::string crt = key_path + "cert.pem";
const std::string key = key_path + "key.pem";
const char *ccrt = crt.c_str();
const char *ckey = key.c_str();
/* Set the key and cert */
if (SSL_CTX_use_certificate_file(ctx, ccrt, SSL_FILETYPE_PEM) <= 0) {
syslog(LOG_INFO, "%s", "Could not use SSL certificate!!");
err = -1;
}
if (SSL_CTX_use_PrivateKey_file(ctx, ckey, SSL_FILETYPE_PEM) <= 0 ) {
syslog(LOG_INFO, "%s", "Could not use SSL Key!!");
err = -1;
}
Commands to generate the cert and key files
openssl genrsa -out key.pem 4096
openssl req -new -x509 -days 365 -key key.pem -out cert.pem
Turns out the absolute path to the cert.pem and key.pem files was wrong.
When I added the right path, the function calls seem to work.
ssl openssl ssl-certificate x509certificate
asked Nov 20 at 4:13
PeterJ
34
2
"... but apparently the calls to ... fail." - openssl provides more detailed error messages then just fail. Please use these in your code and provide these in your question. See ERR_print_errors and similar.
– Steffen Ullrich
Nov 20 at 5:02
@SteffenUllrich It seems there was something wrong with the cert.
– PeterJ
Nov 20 at 8:34
You will need to define "something wrong" a little better...
– Patrick Mevzek
Nov 20 at 15:13
@PatrickMevzek The absolute path was wrong. I am not sure if you downvoted the question, but dont think that was necessary.
– PeterJ
Nov 20 at 21:05
It is impossible to answer your question because it lacks specific details. See Steffen comment and define "fail" precisely by editing your post and adding appropriate troubleshooting results.
– Patrick Mevzek
Nov 20 at 21:13
|
show 2 more comments
up vote
-1
down vote
favorite
up vote
-1
down vote
favorite
I am trying to use Openssl and I am running into issues trying to initialize the X509 certificate to use and the key file. Below is my code but apparently the calls to SSL_CTX_use_PrivateKey_file() and SSL_CTX_use_certificate_file() fail. Below is my code. The 2 files are generated using openssl and have names cert.pem and key.pem respectively.
Can anyone please help me out as to why I am failing those 2 calls ? The SSL context is created fine i.e no error there. I am using OpenSSL 1.0.2g.
There was another issue on stackoverflow that referred to something similar and the fix was to add a call to SSL_library_init(); which I did but that does not seem to make a difference.
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
const SSL_METHOD *method;
method = SSLv23_server_method();
ctx = SSL_CTX_new(method);
if (!ctx) {
syslog(LOG_INFO, "%s", "Could not generate SSL context!!");
err = -1;
}
SSL_CTX_set_ecdh_auto(ctx, 1);
char hname[NI_MAXHOST];
gethostname(hname, NI_MAXHOST);
key_path += "/" + std::string(hname) + "/";
const std::string crt = key_path + "cert.pem";
const std::string key = key_path + "key.pem";
const char *ccrt = crt.c_str();
const char *ckey = key.c_str();
/* Set the key and cert */
if (SSL_CTX_use_certificate_file(ctx, ccrt, SSL_FILETYPE_PEM) <= 0) {
syslog(LOG_INFO, "%s", "Could not use SSL certificate!!");
err = -1;
}
if (SSL_CTX_use_PrivateKey_file(ctx, ckey, SSL_FILETYPE_PEM) <= 0 ) {
syslog(LOG_INFO, "%s", "Could not use SSL Key!!");
err = -1;
}
Commands to generate the cert and key files
openssl genrsa -out key.pem 4096
openssl req -new -x509 -days 365 -key key.pem -out cert.pem
Turns out the absolute path to the cert.pem and key.pem files was wrong.
When I added the right path, the function calls seem to work.
ssl openssl ssl-certificate x509certificate
asked Nov 20 at 4:13
PeterJ
34
I am trying to use Openssl and I am running into issues trying to initialize the X509 certificate to use and the key file. Below is my code but apparently the calls to SSL_CTX_use_PrivateKey_file() and SSL_CTX_use_certificate_file() fail. Below is my code. The 2 files are generated using openssl and have names cert.pem and key.pem respectively.
Can anyone please help me out as to why I am failing those 2 calls ? The SSL context is created fine i.e no error there. I am using OpenSSL 1.0.2g.
There was another issue on stackoverflow that referred to something similar and the fix was to add a call to SSL_library_init(); which I did but that does not seem to make a difference.
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
const SSL_METHOD *method;
method = SSLv23_server_method();
ctx = SSL_CTX_new(method);
if (!ctx) {
syslog(LOG_INFO, "%s", "Could not generate SSL context!!");
err = -1;
}
SSL_CTX_set_ecdh_auto(ctx, 1);
char hname[NI_MAXHOST];
gethostname(hname, NI_MAXHOST);
key_path += "/" + std::string(hname) + "/";
const std::string crt = key_path + "cert.pem";
const std::string key = key_path + "key.pem";
const char *ccrt = crt.c_str();
const char *ckey = key.c_str();
/* Set the key and cert */
if (SSL_CTX_use_certificate_file(ctx, ccrt, SSL_FILETYPE_PEM) <= 0) {
syslog(LOG_INFO, "%s", "Could not use SSL certificate!!");
err = -1;
}
if (SSL_CTX_use_PrivateKey_file(ctx, ckey, SSL_FILETYPE_PEM) <= 0 ) {
syslog(LOG_INFO, "%s", "Could not use SSL Key!!");
err = -1;
}
Commands to generate the cert and key files
openssl genrsa -out key.pem 4096
openssl req -new -x509 -days 365 -key key.pem -out cert.pem
Turns out the absolute path to the cert.pem and key.pem files was wrong.
When I added the right path, the function calls seem to work.
ssl openssl ssl-certificate x509certificate
ssl openssl ssl-certificate x509certificate
asked Nov 20 at 4:13
PeterJ
34
asked Nov 20 at 4:13
PeterJ
34
edited Nov 20 at 23:16
asked Nov 20 at 4:13
PeterJ
34
asked Nov 20 at 4:13
PeterJ
34
asked Nov 20 at 4:13
PeterJ
34
34
2
"... but apparently the calls to ... fail." - openssl provides more detailed error messages then just fail. Please use these in your code and provide these in your question. See ERR_print_errors and similar.
– Steffen Ullrich
Nov 20 at 5:02
@SteffenUllrich It seems there was something wrong with the cert.
– PeterJ
Nov 20 at 8:34
You will need to define "something wrong" a little better...
– Patrick Mevzek
Nov 20 at 15:13
@PatrickMevzek The absolute path was wrong. I am not sure if you downvoted the question, but dont think that was necessary.
– PeterJ
Nov 20 at 21:05
It is impossible to answer your question because it lacks specific details. See Steffen comment and define "fail" precisely by editing your post and adding appropriate troubleshooting results.
– Patrick Mevzek
Nov 20 at 21:13
|
show 2 more comments
2
"... but apparently the calls to ... fail." - openssl provides more detailed error messages then just fail. Please use these in your code and provide these in your question. See ERR_print_errors and similar.
– Steffen Ullrich
Nov 20 at 5:02
@SteffenUllrich It seems there was something wrong with the cert.
– PeterJ
Nov 20 at 8:34
You will need to define "something wrong" a little better...
– Patrick Mevzek
Nov 20 at 15:13
@PatrickMevzek The absolute path was wrong. I am not sure if you downvoted the question, but dont think that was necessary.
– PeterJ
Nov 20 at 21:05
It is impossible to answer your question because it lacks specific details. See Steffen comment and define "fail" precisely by editing your post and adding appropriate troubleshooting results.
– Patrick Mevzek
Nov 20 at 21:13
2
2
"... but apparently the calls to ... fail." - openssl provides more detailed error messages then just fail. Please use these in your code and provide these in your question. See ERR_print_errors and similar.
– Steffen Ullrich
Nov 20 at 5:02
"... but apparently the calls to ... fail." - openssl provides more detailed error messages then just fail. Please use these in your code and provide these in your question. See ERR_print_errors and similar.
– Steffen Ullrich
Nov 20 at 5:02
@SteffenUllrich It seems there was something wrong with the cert.
– PeterJ
Nov 20 at 8:34
@SteffenUllrich It seems there was something wrong with the cert.
– PeterJ
Nov 20 at 8:34
You will need to define "something wrong" a little better...
– Patrick Mevzek
Nov 20 at 15:13
You will need to define "something wrong" a little better...
– Patrick Mevzek
Nov 20 at 15:13
@PatrickMevzek The absolute path was wrong. I am not sure if you downvoted the question, but dont think that was necessary.
– PeterJ
Nov 20 at 21:05
@PatrickMevzek The absolute path was wrong. I am not sure if you downvoted the question, but dont think that was necessary.
– PeterJ
Nov 20 at 21:05
It is impossible to answer your question because it lacks specific details. See Steffen comment and define "fail" precisely by editing your post and adding appropriate troubleshooting results.
– Patrick Mevzek
Nov 20 at 21:13
It is impossible to answer your question because it lacks specific details. See Steffen comment and define "fail" precisely by editing your post and adding appropriate troubleshooting results.
– Patrick Mevzek
Nov 20 at 21:13
|
show 2 more comments
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53386120%2fopenssl-fails-to-use-the-generated-x509-certificate-and-private-key-files%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
"... but apparently the calls to ... fail." - openssl provides more detailed error messages then just fail. Please use these in your code and provide these in your question. See ERR_print_errors and similar.
– Steffen Ullrich
Nov 20 at 5:02
@SteffenUllrich It seems there was something wrong with the cert.
– PeterJ
Nov 20 at 8:34
You will need to define "something wrong" a little better...
– Patrick Mevzek
Nov 20 at 15:13
@PatrickMevzek The absolute path was wrong. I am not sure if you downvoted the question, but dont think that was necessary.
– PeterJ
Nov 20 at 21:05
It is impossible to answer your question because it lacks specific details. See Steffen comment and define "fail" precisely by editing your post and adding appropriate troubleshooting results.
– Patrick Mevzek
Nov 20 at 21:13