Using cacert.org
Using cacert.org
Sorry for the dumb question, but how do I use the certificate I got from cacert?
-
Ron2K
That should be server.cert.pem.
But now...
But now...
Code: Select all
* Loading IRCd configuration ..
* Configuration loaded without any problems ..
* Loading tunefile..
* Initializing SSL.
Possible error encountered (IRCd seemily not started)
-
Ron2K
Several possibilities that I can think of:
- You put the file in the wrong place. Double-check.
- Use set::ssl::key (I think that's the right one) and see if it goes away. Can be used in conjunction with the previous possibility.
- If not, there's might be a problem with the certificate itself. Unfortunately, I don't know enough about SSL to help you further.
I just noticed that after this text it says:Lypsik wrote:That should be server.cert.pem.
But now...Code: Select all
* Loading IRCd configuration .. * Configuration loaded without any problems .. * Loading tunefile.. * Initializing SSL. Possible error encountered (IRCd seemily not started)
tail: cannot open `/home/ircd/Unreal3.2/ircd.log' for reading: No such file or directory
But in the unrealircd.conf I have set the error log to be ircderr.log
And despite the error, it still logs in to the correct file.
Ron2K wrote:Several possibilities that I can think of:
- You put the file in the wrong place. Double-check.
- Use set::ssl::key (I think that's the right one) and see if it goes away. Can be used in conjunction with the previous possibility.
- If not, there's might be a problem with the certificate itself. Unfortunately, I don't know enough about SSL to help you further.
- That is not the problem - I checked it several times.
- I'm not sure what do you mean by "use", but I did all sort of stuff with it:
* I commented it out
* I renamed the file that set::ssl::key was pointing to (so there would be no file)
* I tried to use an empty file
Nothing helped. - I think the cert is fine, but the key file is the problem.
-----BEGIN RSA PRIVATE KEY-----
But isn't this a self signed thing (because it was created with the server.cert.pem)? Shouldn't I get a new one from CaCert?
Hm... well, for every public certificate, there should be a private key. You really should've got a private key file from cacert.org to drop into the same folder. If you didn't, you might need to go and raise a loud complaint 
, because I've noticed that you have server.cert.pem, but not server.key.pem - both of which are needed.
And for the record, had it been the other way around (you have the private key but not the public one), IIRC you can regenerate the public key if you have the private one.
So of course, you may verify that the certificate you have really is the public key, and not the private one. If it's the private one, then rename it to server.key.pem and use openssl to regenerate the public one. Realize that the RSA PRIVATE KEY whatever line you saw in the .key.pem that ./Config generated - I believe all private keys begin with that line, but I'm not to sure. So maybe do a cat server.cert.pem (or type server.cert.pem for Win32) and see if that line is there.
(Of course, what I said could be wrong .)
, because I've noticed that you have server.cert.pem, but not server.key.pem - both of which are needed.And for the record, had it been the other way around (you have the private key but not the public one), IIRC you can regenerate the public key if you have the private one.
So of course, you may verify that the certificate you have really is the public key, and not the private one. If it's the private one, then rename it to server.key.pem and use openssl to regenerate the public one. Realize that the RSA PRIVATE KEY whatever line you saw in the .key.pem that ./Config generated - I believe all private keys begin with that line, but I'm not to sure. So maybe do a cat server.cert.pem (or type server.cert.pem for Win32) and see if that line is there.
(Of course, what I said could be wrong
.)-
Winbots
- Posts: 65
- Joined: Wed Apr 21, 2004 12:26 am
- Location: irc://irc.winbots.org/Winbots
- Contact: