Using cacert.org
Posted: Thu Aug 26, 2004 4:40 am
Sorry for the dumb question, but how do I use the certificate I got from cacert?
Page 1 of 2
Posted: Thu Aug 26, 2004 6:29 am
Give it the correct name (which has slipped my mind at the moment, sorry), and overwrite the old one.
Posted: Mon Aug 30, 2004 6:23 pm
That should be server.cert.pem.
But now...
But now...
Code: Select all
* Loading IRCd configuration ..
* Configuration loaded without any problems ..
* Loading tunefile..
* Initializing SSL.
Possible error encountered (IRCd seemily not started)Posted: Mon Aug 30, 2004 11:48 pm
See the log file in which you log errors.
Posted: Tue Aug 31, 2004 2:11 pm
I wonder why I didn't check the log at first anyway... 
But anyway, here it is:
[Mon Aug 30 21:18:54 2004] - Failed to load SSL private key server.key.pem
But anyway, here it is:
[Mon Aug 30 21:18:54 2004] - Failed to load SSL private key server.key.pem
Posted: Tue Sep 28, 2004 10:42 pm
The problem still isn't solved. I want help.
Posted: Wed Sep 29, 2004 7:38 am
Several possibilities that I can think of:
- You put the file in the wrong place. Double-check.
- Use set::ssl::key (I think that's the right one) and see if it goes away. Can be used in conjunction with the previous possibility.
- If not, there's might be a problem with the certificate itself. Unfortunately, I don't know enough about SSL to help you further.
Posted: Wed Sep 29, 2004 12:27 pm
I just noticed that after this text it says:Lypsik wrote:That should be server.cert.pem.
But now...Code: Select all
* Loading IRCd configuration .. * Configuration loaded without any problems .. * Loading tunefile.. * Initializing SSL. Possible error encountered (IRCd seemily not started)
tail: cannot open `/home/ircd/Unreal3.2/ircd.log' for reading: No such file or directory
But in the unrealircd.conf I have set the error log to be ircderr.log
And despite the error, it still logs in to the correct file.
Posted: Wed Sep 29, 2004 1:00 pm
Ron2K wrote:Several possibilities that I can think of:
- You put the file in the wrong place. Double-check.
- Use set::ssl::key (I think that's the right one) and see if it goes away. Can be used in conjunction with the previous possibility.
- If not, there's might be a problem with the certificate itself. Unfortunately, I don't know enough about SSL to help you further.
- That is not the problem - I checked it several times.
- I'm not sure what do you mean by "use", but I did all sort of stuff with it:
* I commented it out
* I renamed the file that set::ssl::key was pointing to (so there would be no file)
* I tried to use an empty file
Nothing helped. - I think the cert is fine, but the key file is the problem.
-----BEGIN RSA PRIVATE KEY-----
But isn't this a self signed thing (because it was created with the server.cert.pem)? Shouldn't I get a new one from CaCert?
Posted: Wed Sep 29, 2004 3:58 pm
Hm... well, for every public certificate, there should be a private key. You really should've got a private key file from cacert.org to drop into the same folder. If you didn't, you might need to go and raise a loud complaint 
, because I've noticed that you have server.cert.pem, but not server.key.pem - both of which are needed.
And for the record, had it been the other way around (you have the private key but not the public one), IIRC you can regenerate the public key if you have the private one.
So of course, you may verify that the certificate you have really is the public key, and not the private one. If it's the private one, then rename it to server.key.pem and use openssl to regenerate the public one. Realize that the RSA PRIVATE KEY whatever line you saw in the .key.pem that ./Config generated - I believe all private keys begin with that line, but I'm not to sure. So maybe do a cat server.cert.pem (or type server.cert.pem for Win32) and see if that line is there.
(Of course, what I said could be wrong .)
, because I've noticed that you have server.cert.pem, but not server.key.pem - both of which are needed.And for the record, had it been the other way around (you have the private key but not the public one), IIRC you can regenerate the public key if you have the private one.
So of course, you may verify that the certificate you have really is the public key, and not the private one. If it's the private one, then rename it to server.key.pem and use openssl to regenerate the public one. Realize that the RSA PRIVATE KEY whatever line you saw in the .key.pem that ./Config generated - I believe all private keys begin with that line, but I'm not to sure. So maybe do a cat server.cert.pem (or type server.cert.pem for Win32) and see if that line is there.
(Of course, what I said could be wrong
.)Posted: Wed Sep 29, 2004 4:12 pm
server.cert.pem starts with this: -----BEGIN CERTIFICATE-----
This is the same for both files: the one I got from cacert and the one Config generated.
This is the same for both files: the one I got from cacert and the one Config generated.
Posted: Sun Oct 03, 2004 6:20 am
when you requested a cert from cacert, did you use the data from the server.req.pem file?
Posted: Sun Oct 03, 2004 6:42 am
Yes, I did.Winbots wrote:when you requested a cert from cacert, did you use the data from the server.req.pem file?
Posted: Sat Oct 23, 2004 9:08 pm
...Lypsik wrote:Yes, I did.Winbots wrote:when you requested a cert from cacert, did you use the data from the server.req.pem file?
Posted: Tue Oct 26, 2004 10:21 pm
This is most likely a permission issue. Does the user running the ircd daemon have read access to the certificate file?