Hi,
The BEGIN RSA PRIVATE KEY is normally a PKCS#1 rsa key while the BEGIN
PRIVATE KEY is a (passwordless) PKCS#8 key. Those things do make a
difference and have been known to break things. I haven't followed the
rest of the discussion, but I would advise to make sure it's not causing
problems... You can convert one into the other using the openssl rsa and
pkcs8 commandline tools:
openssl pkcs8 -topk8 -nocrypt -in <RSA-KEY> -out <PKCS8-KEY>
You can also leave out the -nocrypt, but then you
get a -----BEGIN ENCRYPTED PRIVATE KEY-----
For the reverse:
openssl rsa -in <PKCS8-KEY> -out <RSA-KEY>
or
openssl rsa -des3 -in <PKCS8-KEY> -out <RSA-KEY>
Best wishes,
Mischa
On Sun, Aug 03, 2014 at 05:09:53PM +0200, Linus Nordberg wrote:
> Alan Buxey <[log in to unmask]> wrote
> Sun, 3 Aug 2014 12:37:22 +0000:
>
> | >If you provide me with a certificate that fails for you, I will see if I
> | >can reproduce it using that one.
> |
> | in this case I would say that our documentation can be altered so we arent
> | doing any clean-up of the files and just operate with a straight/plain
> | concatenation (I did provide an example cert in this thread).
>
> Found that now! Sorry about the confusion.
>
> Tried your concatenated cert file with libradsec but didn't see a parse
> failure. I did have trouble setting up a TLS session due to missing CA
> cert but don't think libradsec is having trouble grokking the file.
>
> For an additional data point, I tried this concatenated cert+key file
> with success:
>
> It shall be noted that this file has "-----BEGIN RSA PRIVATE KEY-----", as
> opposed to your example cert file which has "-----BEGIN PRIVATE KEY-----".
> I wouldn't this to be an issue though.
>
> What's your exact issue? Can you provide the output from running
> examples/client using your example cert file?
--
Nikhef Room H155
Science Park 105 Tel. +31-20-592 5102
1098 XG Amsterdam Fax +31-20-592 5155
The Netherlands Email [log in to unmask]
__ .. ... _._. .... ._ ... ._ ._.. ._.. .._..
|