LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 04-04-2003, 05:39 PM   #1
champ
Member
 
Registered: Jul 2002
Distribution: Slackware 10.0
Posts: 46

Rep: Reputation: 16
ssl certificates


im currently writing a server/client system using ssl socket. I use the openssl api.

But i have a little trouble making the necessary certificates. My problem is when the client wants to verify the certificate. And I have found out that the thing that Im missing is the ca file that represents trusted certificates.
On the server, this is the function to use.

Code:
if (!SSL_CTX_load_verify_locations(ctx, "ca.file", 0))
{
	fprintf("error message.....");
	abort();
}
But i do not know how to create that file.

I made the certificate/private key using the "CA.pl -newcert" command, creating a certificate and private key. This is just a perl script that does the same job as the openssl command tool

What I want, is for that certificate to be a trusted one. The "ca.file" is supposed to contain the certificates that are trusted.

Anyone have any ideas how to produce that ca.file
 
Old 04-04-2003, 06:11 PM   #2
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
In order for your certificate to be "trusted" it must be signed by a company such as VeriSign. Check out VeriSign's website for more info. I believe there is a free trial certificate that they will give you for a month or so. There are other companies that provide the same service but I can't think of there names.

You can self sign your certificate but people visit your site will get a security pop-up. I self signed my certificate so if you go to my secured site here you will see the pop-up that a self signed certificate generates.
 
Old 04-05-2003, 09:47 AM   #3
champ
Member
 
Registered: Jul 2002
Distribution: Slackware 10.0
Posts: 46

Original Poster
Rep: Reputation: 16
ok thanks.

I would like to precise that this is not a web site, but a server and client written in c.

I will take you up on that adwise, but I though I could do this without using a real CA becuase I read an article on linuxjournal.com on howto program a ssl server/client. And the source code that came with that article included the nescessary certificates including a root.pem file that was the file that the server would use to identify the the trusted certificates.

On the client side you would use

Code:
if(SSL_get_verify_result(ssl)!=X509_V_OK)
      berr_exit("Certificate doesn't verify");

This would verify the certificate. But on my client, this will always fail.

But you're probably right. I real CA have to sign the certifiacate.

Last edited by champ; 04-05-2003 at 09:51 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ssl and verisign trail certificates helpme0904 Fedora 0 06-09-2005 03:57 PM
SSL certificates the-chains Linux - Software 0 11-15-2004 07:12 PM
ssl certificates Syncrm Linux - General 7 02-26-2003 10:01 AM
SSL Certificates and root authorities antken General 2 01-24-2003 10:55 AM
Multiple SSL Certificates Per IP Address dkochan Linux - General 1 03-05-2002 01:06 PM


All times are GMT -5. The time now is 06:59 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration