Openssl fails to use the generated X509 certificate and Private key files











up vote
-1
down vote

favorite












I am trying to use Openssl and I am running into issues trying to initialize the X509 certificate to use and the key file. Below is my code but apparently the calls to SSL_CTX_use_PrivateKey_file() and SSL_CTX_use_certificate_file() fail. Below is my code. The 2 files are generated using openssl and have names cert.pem and key.pem respectively.
Can anyone please help me out as to why I am failing those 2 calls ? The SSL context is created fine i.e no error there. I am using OpenSSL 1.0.2g.



There was another issue on stackoverflow that referred to something similar and the fix was to add a call to SSL_library_init(); which I did but that does not seem to make a difference.



SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();

const SSL_METHOD *method;
method = SSLv23_server_method();

ctx = SSL_CTX_new(method);

if (!ctx) {
syslog(LOG_INFO, "%s", "Could not generate SSL context!!");
err = -1;
}

SSL_CTX_set_ecdh_auto(ctx, 1);

char hname[NI_MAXHOST];
gethostname(hname, NI_MAXHOST);

key_path += "/" + std::string(hname) + "/";

const std::string crt = key_path + "cert.pem";
const std::string key = key_path + "key.pem";

const char *ccrt = crt.c_str();
const char *ckey = key.c_str();

/* Set the key and cert */
if (SSL_CTX_use_certificate_file(ctx, ccrt, SSL_FILETYPE_PEM) <= 0) {
syslog(LOG_INFO, "%s", "Could not use SSL certificate!!");
err = -1;
}

if (SSL_CTX_use_PrivateKey_file(ctx, ckey, SSL_FILETYPE_PEM) <= 0 ) {
syslog(LOG_INFO, "%s", "Could not use SSL Key!!");
err = -1;
}


Commands to generate the cert and key files



  openssl genrsa -out key.pem 4096

openssl req -new -x509 -days 365 -key key.pem -out cert.pem


Turns out the absolute path to the cert.pem and key.pem files was wrong.
When I added the right path, the function calls seem to work.










share|improve this question




















  • 2




    "... but apparently the calls to ... fail." - openssl provides more detailed error messages then just fail. Please use these in your code and provide these in your question. See ERR_print_errors and similar.
    – Steffen Ullrich
    Nov 20 at 5:02










  • @SteffenUllrich It seems there was something wrong with the cert.
    – PeterJ
    Nov 20 at 8:34










  • You will need to define "something wrong" a little better...
    – Patrick Mevzek
    Nov 20 at 15:13










  • @PatrickMevzek The absolute path was wrong. I am not sure if you downvoted the question, but dont think that was necessary.
    – PeterJ
    Nov 20 at 21:05










  • It is impossible to answer your question because it lacks specific details. See Steffen comment and define "fail" precisely by editing your post and adding appropriate troubleshooting results.
    – Patrick Mevzek
    Nov 20 at 21:13















up vote
-1
down vote

favorite












I am trying to use Openssl and I am running into issues trying to initialize the X509 certificate to use and the key file. Below is my code but apparently the calls to SSL_CTX_use_PrivateKey_file() and SSL_CTX_use_certificate_file() fail. Below is my code. The 2 files are generated using openssl and have names cert.pem and key.pem respectively.
Can anyone please help me out as to why I am failing those 2 calls ? The SSL context is created fine i.e no error there. I am using OpenSSL 1.0.2g.



There was another issue on stackoverflow that referred to something similar and the fix was to add a call to SSL_library_init(); which I did but that does not seem to make a difference.



SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();

const SSL_METHOD *method;
method = SSLv23_server_method();

ctx = SSL_CTX_new(method);

if (!ctx) {
syslog(LOG_INFO, "%s", "Could not generate SSL context!!");
err = -1;
}

SSL_CTX_set_ecdh_auto(ctx, 1);

char hname[NI_MAXHOST];
gethostname(hname, NI_MAXHOST);

key_path += "/" + std::string(hname) + "/";

const std::string crt = key_path + "cert.pem";
const std::string key = key_path + "key.pem";

const char *ccrt = crt.c_str();
const char *ckey = key.c_str();

/* Set the key and cert */
if (SSL_CTX_use_certificate_file(ctx, ccrt, SSL_FILETYPE_PEM) <= 0) {
syslog(LOG_INFO, "%s", "Could not use SSL certificate!!");
err = -1;
}

if (SSL_CTX_use_PrivateKey_file(ctx, ckey, SSL_FILETYPE_PEM) <= 0 ) {
syslog(LOG_INFO, "%s", "Could not use SSL Key!!");
err = -1;
}


Commands to generate the cert and key files



  openssl genrsa -out key.pem 4096

openssl req -new -x509 -days 365 -key key.pem -out cert.pem


Turns out the absolute path to the cert.pem and key.pem files was wrong.
When I added the right path, the function calls seem to work.










share|improve this question




















  • 2




    "... but apparently the calls to ... fail." - openssl provides more detailed error messages then just fail. Please use these in your code and provide these in your question. See ERR_print_errors and similar.
    – Steffen Ullrich
    Nov 20 at 5:02










  • @SteffenUllrich It seems there was something wrong with the cert.
    – PeterJ
    Nov 20 at 8:34










  • You will need to define "something wrong" a little better...
    – Patrick Mevzek
    Nov 20 at 15:13










  • @PatrickMevzek The absolute path was wrong. I am not sure if you downvoted the question, but dont think that was necessary.
    – PeterJ
    Nov 20 at 21:05










  • It is impossible to answer your question because it lacks specific details. See Steffen comment and define "fail" precisely by editing your post and adding appropriate troubleshooting results.
    – Patrick Mevzek
    Nov 20 at 21:13













up vote
-1
down vote

favorite









up vote
-1
down vote

favorite











I am trying to use Openssl and I am running into issues trying to initialize the X509 certificate to use and the key file. Below is my code but apparently the calls to SSL_CTX_use_PrivateKey_file() and SSL_CTX_use_certificate_file() fail. Below is my code. The 2 files are generated using openssl and have names cert.pem and key.pem respectively.
Can anyone please help me out as to why I am failing those 2 calls ? The SSL context is created fine i.e no error there. I am using OpenSSL 1.0.2g.



There was another issue on stackoverflow that referred to something similar and the fix was to add a call to SSL_library_init(); which I did but that does not seem to make a difference.



SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();

const SSL_METHOD *method;
method = SSLv23_server_method();

ctx = SSL_CTX_new(method);

if (!ctx) {
syslog(LOG_INFO, "%s", "Could not generate SSL context!!");
err = -1;
}

SSL_CTX_set_ecdh_auto(ctx, 1);

char hname[NI_MAXHOST];
gethostname(hname, NI_MAXHOST);

key_path += "/" + std::string(hname) + "/";

const std::string crt = key_path + "cert.pem";
const std::string key = key_path + "key.pem";

const char *ccrt = crt.c_str();
const char *ckey = key.c_str();

/* Set the key and cert */
if (SSL_CTX_use_certificate_file(ctx, ccrt, SSL_FILETYPE_PEM) <= 0) {
syslog(LOG_INFO, "%s", "Could not use SSL certificate!!");
err = -1;
}

if (SSL_CTX_use_PrivateKey_file(ctx, ckey, SSL_FILETYPE_PEM) <= 0 ) {
syslog(LOG_INFO, "%s", "Could not use SSL Key!!");
err = -1;
}


Commands to generate the cert and key files



  openssl genrsa -out key.pem 4096

openssl req -new -x509 -days 365 -key key.pem -out cert.pem


Turns out the absolute path to the cert.pem and key.pem files was wrong.
When I added the right path, the function calls seem to work.










share|improve this question















I am trying to use Openssl and I am running into issues trying to initialize the X509 certificate to use and the key file. Below is my code but apparently the calls to SSL_CTX_use_PrivateKey_file() and SSL_CTX_use_certificate_file() fail. Below is my code. The 2 files are generated using openssl and have names cert.pem and key.pem respectively.
Can anyone please help me out as to why I am failing those 2 calls ? The SSL context is created fine i.e no error there. I am using OpenSSL 1.0.2g.



There was another issue on stackoverflow that referred to something similar and the fix was to add a call to SSL_library_init(); which I did but that does not seem to make a difference.



SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();

const SSL_METHOD *method;
method = SSLv23_server_method();

ctx = SSL_CTX_new(method);

if (!ctx) {
syslog(LOG_INFO, "%s", "Could not generate SSL context!!");
err = -1;
}

SSL_CTX_set_ecdh_auto(ctx, 1);

char hname[NI_MAXHOST];
gethostname(hname, NI_MAXHOST);

key_path += "/" + std::string(hname) + "/";

const std::string crt = key_path + "cert.pem";
const std::string key = key_path + "key.pem";

const char *ccrt = crt.c_str();
const char *ckey = key.c_str();

/* Set the key and cert */
if (SSL_CTX_use_certificate_file(ctx, ccrt, SSL_FILETYPE_PEM) <= 0) {
syslog(LOG_INFO, "%s", "Could not use SSL certificate!!");
err = -1;
}

if (SSL_CTX_use_PrivateKey_file(ctx, ckey, SSL_FILETYPE_PEM) <= 0 ) {
syslog(LOG_INFO, "%s", "Could not use SSL Key!!");
err = -1;
}


Commands to generate the cert and key files



  openssl genrsa -out key.pem 4096

openssl req -new -x509 -days 365 -key key.pem -out cert.pem


Turns out the absolute path to the cert.pem and key.pem files was wrong.
When I added the right path, the function calls seem to work.







ssl openssl ssl-certificate x509certificate






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 20 at 23:16

























asked Nov 20 at 4:13









PeterJ

34




34








  • 2




    "... but apparently the calls to ... fail." - openssl provides more detailed error messages then just fail. Please use these in your code and provide these in your question. See ERR_print_errors and similar.
    – Steffen Ullrich
    Nov 20 at 5:02










  • @SteffenUllrich It seems there was something wrong with the cert.
    – PeterJ
    Nov 20 at 8:34










  • You will need to define "something wrong" a little better...
    – Patrick Mevzek
    Nov 20 at 15:13










  • @PatrickMevzek The absolute path was wrong. I am not sure if you downvoted the question, but dont think that was necessary.
    – PeterJ
    Nov 20 at 21:05










  • It is impossible to answer your question because it lacks specific details. See Steffen comment and define "fail" precisely by editing your post and adding appropriate troubleshooting results.
    – Patrick Mevzek
    Nov 20 at 21:13














  • 2




    "... but apparently the calls to ... fail." - openssl provides more detailed error messages then just fail. Please use these in your code and provide these in your question. See ERR_print_errors and similar.
    – Steffen Ullrich
    Nov 20 at 5:02










  • @SteffenUllrich It seems there was something wrong with the cert.
    – PeterJ
    Nov 20 at 8:34










  • You will need to define "something wrong" a little better...
    – Patrick Mevzek
    Nov 20 at 15:13










  • @PatrickMevzek The absolute path was wrong. I am not sure if you downvoted the question, but dont think that was necessary.
    – PeterJ
    Nov 20 at 21:05










  • It is impossible to answer your question because it lacks specific details. See Steffen comment and define "fail" precisely by editing your post and adding appropriate troubleshooting results.
    – Patrick Mevzek
    Nov 20 at 21:13








2




2




"... but apparently the calls to ... fail." - openssl provides more detailed error messages then just fail. Please use these in your code and provide these in your question. See ERR_print_errors and similar.
– Steffen Ullrich
Nov 20 at 5:02




"... but apparently the calls to ... fail." - openssl provides more detailed error messages then just fail. Please use these in your code and provide these in your question. See ERR_print_errors and similar.
– Steffen Ullrich
Nov 20 at 5:02












@SteffenUllrich It seems there was something wrong with the cert.
– PeterJ
Nov 20 at 8:34




@SteffenUllrich It seems there was something wrong with the cert.
– PeterJ
Nov 20 at 8:34












You will need to define "something wrong" a little better...
– Patrick Mevzek
Nov 20 at 15:13




You will need to define "something wrong" a little better...
– Patrick Mevzek
Nov 20 at 15:13












@PatrickMevzek The absolute path was wrong. I am not sure if you downvoted the question, but dont think that was necessary.
– PeterJ
Nov 20 at 21:05




@PatrickMevzek The absolute path was wrong. I am not sure if you downvoted the question, but dont think that was necessary.
– PeterJ
Nov 20 at 21:05












It is impossible to answer your question because it lacks specific details. See Steffen comment and define "fail" precisely by editing your post and adding appropriate troubleshooting results.
– Patrick Mevzek
Nov 20 at 21:13




It is impossible to answer your question because it lacks specific details. See Steffen comment and define "fail" precisely by editing your post and adding appropriate troubleshooting results.
– Patrick Mevzek
Nov 20 at 21:13

















active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53386120%2fopenssl-fails-to-use-the-generated-x509-certificate-and-private-key-files%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown






























active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53386120%2fopenssl-fails-to-use-the-generated-x509-certificate-and-private-key-files%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

404 Error Contact Form 7 ajax form submitting

How to know if a Active Directory user can login interactively

Refactoring coordinates for Minecraft Pi buildings written in Python