[openssl-users] 回复: 回复: [help]SSL_CTX_use_certificate_file failed!

zy_chongqing zy_chongqing at aliyun.com
Tue Sep 13 15:59:06 UTC 2016 

Only this one certificate, acutually this file is used for the iOS APNs function.the weird thing is, I use the same file and same code on other 2 server, it work well. That is really confused me. ------------------------------------------------------------------发件人:Viktor Dukhovni <openssl-users at dukhovni.org>发送时间:2016年9月13日(星期二) 23:46收件人:openssl-users <openssl-users at openssl.org>主 题:Re: [openssl-users] 回复:  [help]SSL_CTX_use_certificate_file failed!
On Tue, Sep 13, 2016 at 10:53:57PM +0800, zy_chongqing wrote:

> thanks for your reply. please kindly find the attached to get the certificate.

Firstly, you posted a 2048-bit certificate, which would not normally
fail with a "key too small" error, other than by failure to parse
the public key.

Secondly, when I start the OpenSSL 1.1.0 s_server(1) with the posted
certificate as the chain file, and a random 2048-bit RSA key as
the key file, the error is that the key and certificate don't match.
This means that at least s_server *is* able to parse the public
key.  Are there some other certificates in the chain file, in
addition to the leaf certificate you posted?  Please post all
the certificates (but not the private key) from that chain file.

    $ openssl genrsa 2048 >> /tmp/cert.pem
    Generating RSA private key, 2048 bit long modulus
    ........................................................................+++
    ...............+++
    e is 65537 (0x010001)

    $ openssl s_server -cert /tmp/cert.pem -accept 12345
    Using default temp DH parameters
    error setting private key
    140735148003328:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:../openssl/crypto/x509/x509_cmp.c:295:

-- 
 Viktor.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160913/313a66ce/attachment.html>

More information about the openssl-users mailing list