Loading ...
Sorry, an error occurred while loading the content.

289652Re: OpenSSL: TXT_DB error number 2

Expand Messages
  • Viktor Dukhovni
    Nov 25, 2012
    • 0 Attachment
      On Sun, Nov 25, 2012 at 07:12:00AM -0500, sllex@... wrote:

      > It turned out that my version of genrsa doesn't support the -nodes
      > option. I removed it and it didn't raise any errors.

      Actually that's universal, I forgot that while with req(1) encryption
      of the private key is the default and "-nodes" turns it off, with
      genrsa(1) no encryption is the default and "-aes128" or similar
      turns it on.

      > > When I run this and check the contents of the smtpd.pem file (did
      > > you ever look at the file contents? Why not?) I see:
      >
      > > $ egrep '^-----' smtpd.pem
      > > -----BEGIN PRIVATE KEY-----
      > > -----END PRIVATE KEY-----
      > > -----BEGIN CERTIFICATE-----
      > > -----END CERTIFICATE-----
      >
      > It was:
      >
      > -----BEGIN CERTIFICATE-----
      > -----END CERTIFICATE-----
      > -----END PRIVATE KEY-----

      So the output was overlapped, which is different than what I see
      (but I only tested OpenSSL 1.0.x on BSD-like systems). Thus it is
      safer to generate the key and cert in separate command invocations.

      > I removed the -nodes option and it worked.
      >
      > [...]
      > Verify return code: 18 (self signed certificate)
      > ---
      > 250 DSN
      > read:errno=0
      >
      > How to debug the above output? Is it OK?

      Nothing to debug, you're all set.

      --
      Viktor.
    • Show all 21 messages in this topic