LinuxQuestions.org


dopper 09-04-2003 08:50 AM

glftpd error with SSL certificate
 
I've been trying to troubleshoot this error that appears in /var/log/messages when I start up my new 'jailed' installation of glftpd using xinetd.

Aug 31 18:42:22 amd1400 glftpd[18469]: connect from 127.0.0.1 (127.0.0.1)
Aug 31 18:42:22 amd1400 glftpd:localhost: connected: SSL_CTX_use_certificate_file(/etc/ssl/certs/ftpd-dsa.pem) error:0906D06C:PEM routines:PEM_read_bio:no start line

This is my first time trying to set up an SSL certificate, and a search on Google showed this error being generated for people running SSL on webservers and mailservers as well.

dopper 09-11-2003 11:43 AM

I still have had no luck finding a solution to this error (nt)
 
I still have had no luck finding a solution to this error

dopper 10-05-2003 04:26 PM

resurrecting my old post that never got answered...
 
I've determined the problem is with the certificate that is being generated. I run the 'create_server_key.sh servername' script to create a key and get this output at the end.

Code:

Generating DSA key, 1024 bits
cat: ftpd-dsa.crt: No such file or directory

ftpd-dsa.pem created.
Copy the file to /usr/local/ssl/certs or use -z options in glftpd
to point to the .pem file

As you can see, the script reports that it successfully creates the certificate. However, it seems to be missing ftpd-dsa.crt when it generates the certificate, so the cert generates errors when I try to use it. The problem in the script seems to be at this part:

Code:

$opensslbin req -new -x509 -days 365 -key $base.key -out $base.crt 2>/dev/null << EOF
.
.
.
.
.
$servbase
.
EOF

cat $base.key $base.crt > $base.pem

It doesn't seem to create $base.crt (ftpd-dsa.crt). I know this because I commented out the line in the script that deletes all the files before they are merged:

Code:

#rm -f $base.key $base.crt $base.dh $base.dsaparam

My question is how do I get the script to create $base.crt (ftpd-dsa.crt) so that it creates a valid certificate and why does the script create a valid certificate for others but it's not working for me?

dopper 10-05-2003 05:21 PM

this is the output when I remove '2>/dev/null << EOF'

Code:

Generating DSA key, 1024 bits
Using configuration from /opt/globus/openssl.cnf
Unable to load config info
unable to find 'distinguished_name' in config
problems making Certificate Request
20621:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
20621:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
20621:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
20621:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
20621:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
20621:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
20621:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
20621:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
20621:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
20621:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
./create_server_key.sh: line 48: .: filename argument required
.: usage: . filename

I checked for /opt/globus/openssl.cnf and the openssl.cnf file doesn't exist at that location, but rather it is stored at /etc/ssl/openssl.cnf

So I added /etc/ssl/ to the top of create_server_key.sh like so:

Code:

ssldirs="$OPENSSLDIR /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/ssl
        /usr/share /usr/lib /usr/lib/ssl /usr/pkg /opt /opt/ssl /etc/ssl"

I'm getting the same error though so now I'm at the point where I'm stuck on how to tell the script to use /etc/ssl/openssl.cnf instead of /opt/globus/openssl.cnf

dopper 10-06-2003 03:05 PM

I got it to generate a certificate successfully
 
As a band-aid to the problem I just created a symbolic link from the location where the script is looking for openssl.cnf (/opt/globus/openssl.cnf) to the real location of openssl.cnf on this distro (/etc/ssl/openssl.cnf).

Code:

ln -s /etc/ssl/openssl.cnf /opt/globus/openssl.cnf

Then I ran the create_server_key.sh script and it successfully created the ftpd-dsa.crt file and generated a valid certificate file.

If anyone can figure out another method for the script to look to /etc/ssl/openssl.cnf instead of /opt/globus/openssl.cnf I'd be happy to hear about it.
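
One way to point the certificate step at /etc/ssl/openssl.cnf without a symlink, and to stop the .pem from being built when ftpd-dsa.crt was never written. This is an added example, not part of the original posts or of glftpd's create_server_key.sh; the function names are hypothetical, and it assumes an openssl whose req command supports -config and -subj.

```sh
#!/bin/sh
# Added example; not part of glftpd's create_server_key.sh.
# Function names are hypothetical; paths are the ones from the thread.

# Print the first readable config file among the arguments.
find_openssl_cnf() {
    for c in "$@"; do
        if [ -r "$c" ]; then
            printf '%s\n' "$c"
            return 0
        fi
    done
    echo "no readable openssl.cnf found" >&2
    return 1
}

# Create the self-signed certificate with an explicit -config. stderr is left
# alone so a failure is visible instead of being sent to /dev/null.
make_cert() {  # usage: make_cert base cnf common_name
    openssl req -new -x509 -days 365 -config "$2" \
        -key "$1.key" -out "$1.crt" -subj "/CN=$3"
}

# Build base.pem only if the key and a real certificate exist. A .pem that
# holds a key but no certificate block is what glftpd rejects with
# "PEM_read_bio:no start line".
build_pem() {  # usage: build_pem base
    for part in "$1.key" "$1.crt"; do
        [ -s "$part" ] || { echo "missing or empty: $part" >&2; return 1; }
    done
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1.crt" || {
        echo "$1.crt contains no certificate" >&2
        return 1
    }
    cat "$1.key" "$1.crt" > "$1.pem"
}

# Runs only when given a server name, e.g.: sh make_ftpd_pem.sh myserver
# Expects ftpd-dsa.key to exist already in the current directory.
# The second path is an assumed fallback taken from the script's ssldirs list.
if [ "$#" -eq 1 ]; then
    cnf=$(find_openssl_cnf /etc/ssl/openssl.cnf /usr/lib/ssl/openssl.cnf) || exit 1
    make_cert ftpd-dsa "$cnf" "$1" && build_pem ftpd-dsa || exit 1
fi
```

Setting the OPENSSL_CONF environment variable to /etc/ssl/openssl.cnf before running the unmodified script is an alternative to passing -config.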

