glftpd error with SSL certificate
I've been trying to troubleshoot this error that appears in /var/log/messages when I startup my new 'jailed' installation of glftpd using xinetd.
Aug 31 18:42:22 amd1400 glftpd[18469]: connect from 127.0.0.1 (127.0.0.1) Aug 31 18:42:22 amd1400 glftpd:localhost: connected: SSL_CTX_use_certificate_file(/etc/ssl/certs/ftpd-dsa.pem) error:0906D06C:PEM routines:PEM_read_bio:no start line This is my first time trying to setup an SSL certificate and a search on google showed this error being generated for people running SSL on webservers and mailservers as well. |
I still have had no luck finding a solution to this error (nt)
I still have had no luck finding a solution to this error
|
resurrecting my old post that never got answered...
I've determined the problem is with the certificate that is being generated. I run the 'create_server_key.sh servername' script to create a key and get this output at the end.
Code:
Generating DSA key, 1024 bits Code:
$opensslbin req -new -x509 -days 365 -key $base.key -out $base.crt 2>/dev/null << EOF Code:
#rm -f $base.key $base.crt $base.dh $base.dsaparam |
this is the output when I remove '2>/dev/null << EOF'
Code:
Generating DSA key, 1024 bits So I added /etc/ssl/ to the top of create_server_key.sh like so: Code:
ssldirs="$OPENSSLDIR /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/ssl |
I got it to generate a certificate successfully
As a bandaid to the problem I just created a symbolic link from the location the script is looking for openssl.cnf (/opt/globus/openssl.cnf) to the real location of openssl.cnf is on this distro (/etc/ssl/openssl.cnf).
Code:
ln -s /etc/ssl/openssl.cnf /opt/globus/openssl.cnf If anyone can figure out another method for the script to look to /etc/ssl/openssl.cnf instead of /opt/globus/openssl.cnf I'd be happy to hear about it. |
All times are GMT -5. The time now is 04:15 AM. |