LinuxQuestions.org
Old 09-04-2003, 08:50 AM   #1
dopper
Member
 
Registered: Jun 2003
Location: Canada
Distribution: Muppy 006 (puppy 2.12 derivative) & Ubuntu 6.06 LTS Dapper Drake, ipcop 1.4.13
Posts: 52

Rep: Reputation: 15
glftpd error with SSL certificate


I've been trying to troubleshoot this error that appears in /var/log/messages when I start up my new 'jailed' installation of glftpd using xinetd.

Aug 31 18:42:22 amd1400 glftpd[18469]: connect from 127.0.0.1 (127.0.0.1)
Aug 31 18:42:22 amd1400 glftpd:localhost: connected: SSL_CTX_use_certificate_file(/etc/ssl/certs/ftpd-dsa.pem) error:0906D06C:PEM routines:PEM_read_bio:no start line

This is my first time trying to set up an SSL certificate, and a search on Google showed this error being generated for people running SSL on web servers and mail servers as well.
 
Old 09-11-2003, 11:43 AM   #2
dopper
Member
 
Registered: Jun 2003
Location: Canada
Distribution: Muppy 006 (puppy 2.12 derivative) & Ubuntu 6.06 LTS Dapper Drake, ipcop 1.4.13
Posts: 52

Original Poster
Rep: Reputation: 15
I still have had no luck finding a solution to this error (nt)

I still have had no luck finding a solution to this error
 
Old 10-05-2003, 04:26 PM   #3
dopper
Member
 
Registered: Jun 2003
Location: Canada
Distribution: Muppy 006 (puppy 2.12 derivative) & Ubuntu 6.06 LTS Dapper Drake, ipcop 1.4.13
Posts: 52

Original Poster
Rep: Reputation: 15
resurrecting my old post that never got answered...

I've determined the problem is with the certificate that is being generated. I run the 'create_server_key.sh servername' script to create a key and get this output at the end.

Code:
Generating DSA key, 1024 bits
cat: ftpd-dsa.crt: No such file or directory

ftpd-dsa.pem created.
Copy the file to /usr/local/ssl/certs or use -z options in glftpd
to point to the .pem file

As you can see, the script reports that it successfully creates the certificate. However, it seems to be missing ftpd-dsa.crt when it generates the certificate, so the cert generates errors when I try to use it. The problem in the script seems to be at this part:

Code:
$opensslbin req -new -x509 -days 365 -key $base.key -out $base.crt 2>/dev/null << EOF
.
.
.
.
.
$servbase
.
EOF

cat $base.key $base.crt > $base.pem

It doesn't seem to create $base.crt (ftpd-dsa.crt). I know this because I commented out the line in the script that deletes all the files before they are merged:

Code:
#rm -f $base.key $base.crt $base.dh $base.dsaparam

My question is: how do I get the script to create $base.crt (ftpd-dsa.crt) so that it creates a valid certificate, and why does the script create a valid certificate for others but it's not working for me?
 
Old 10-05-2003, 05:21 PM   #4
dopper
Member
 
Registered: Jun 2003
Location: Canada
Distribution: Muppy 006 (puppy 2.12 derivative) & Ubuntu 6.06 LTS Dapper Drake, ipcop 1.4.13
Posts: 52

Original Poster
Rep: Reputation: 15
this is the output when I remove '2>/dev/null << EOF'

Code:
Generating DSA key, 1024 bits
Using configuration from /opt/globus/openssl.cnf
Unable to load config info
unable to find 'distinguished_name' in config
problems making Certificate Request
20621:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
20621:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
20621:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
20621:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
20621:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
20621:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
20621:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
20621:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
20621:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
20621:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
./create_server_key.sh: line 48: .: filename argument required
.: usage: . filename

I checked for /opt/globus/openssl.cnf and the openssl.cnf file doesn't exist at that location, but rather it is stored at /etc/ssl/openssl.cnf.

So I added /etc/ssl/ to the top of create_server_key.sh like so:
Code:
ssldirs="$OPENSSLDIR /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/ssl
         /usr/share /usr/lib /usr/lib/ssl /usr/pkg /opt /opt/ssl /etc/ssl"

I'm getting the same error though, so now I'm at the point where I'm stuck on how to tell the script to use /etc/ssl/openssl.cnf instead of /opt/globus/openssl.cnf.

Last edited by dopper; 10-05-2003 at 05:50 PM.
 
Old 10-06-2003, 03:05 PM   #5
dopper
Member
 
Registered: Jun 2003
Location: Canada
Distribution: Muppy 006 (puppy 2.12 derivative) & Ubuntu 6.06 LTS Dapper Drake, ipcop 1.4.13
Posts: 52

Original Poster
Rep: Reputation: 15
I got it to generate a certificate successfully

As a band-aid for the problem, I just created a symbolic link from the location where the script is looking for openssl.cnf (/opt/globus/openssl.cnf) to the real location of openssl.cnf on this distro (/etc/ssl/openssl.cnf).

Code:
ln -s /etc/ssl/openssl.cnf /opt/globus/openssl.cnf

Then I ran the create_server_key.sh script and it successfully created the ftpd-dsa.crt file and generated a valid certificate file.

If anyone can figure out another method for the script to look to /etc/ssl/openssl.cnf instead of /opt/globus/openssl.cnf I'd be happy to hear about it.
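
Added example, not part of the original thread and not glftpd's own script: one way to avoid the symlink is to pass the config file to `openssl req` with its `-config` option (the `OPENSSL_CONF` environment variable is the other standard way), keep stderr visible, and refuse to accept a .pem that lacks the certificate block, which is the condition behind the "no start line" error in post #1. The function names, the `-subj` form of the subject and the argument order are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: helper functions, not code from create_server_key.sh.

# Print the first readable openssl.cnf found in the given directories.
find_openssl_cnf() {
    for dir in "$@"; do
        if [ -r "$dir/openssl.cnf" ]; then
            printf '%s\n' "$dir/openssl.cnf"
            return 0
        fi
    done
    echo "no readable openssl.cnf in: $*" >&2
    return 1
}

# Succeed only if the bundle holds both a private key and a certificate.
# A bundle that contains only the key is what makes
# SSL_CTX_use_certificate_file() report "PEM_read_bio:no start line".
check_pem_bundle() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" || {
        echo "$1: no private key block" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" || {
        echo "$1: no certificate block" >&2; return 1; }
}

# make_bundle KEYFILE COMMON_NAME CNF OUT.pem   (hypothetical interface)
# Creates a self-signed certificate for an existing key and merges both.
make_bundle() {
    key=$1 cn=$2 cnf=$3 pem=$4
    crt=${pem%.pem}.crt
    # -config names the config file explicitly; errors are not sent to
    # /dev/null, and a failed request stops the function before the merge.
    openssl req -new -x509 -days 365 -key "$key" -config "$cnf" \
        -subj "/CN=$cn" -out "$crt" || return 1
    # The bundle contains the private key, so create it owner-readable only.
    ( umask 077; cat "$key" "$crt" > "$pem" ) || return 1
    check_pem_bundle "$pem"
}

# Example call (paths are assumptions):
#   cnf=$(find_openssl_cnf /etc/ssl /usr/lib/ssl /usr/local/ssl) &&
#   make_bundle ftpd-dsa.key servername "$cnf" ftpd-dsa.pem
```

Checking the exit status of `openssl req` before the `cat` is what prevents the "ftpd-dsa.pem created" message from appearing when no certificate was written.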
 
  

