[英]SSL certificate generated with OpenSSL not working on NSS
I have SSL certificate ( key.pem, cacert.pem, pcert.pem ) generated with OpenSSL on Linux Mint machine. 我在Linux Mint机器上使用OpenSSL生成SSL证书(key.pem,cacert.pem,pcert.pem)。 Now I'm trying to move my application to another server where is installed Fedora 18 with NSS.
现在,我正在尝试将我的应用程序移动到另一台安装Fedora 18和NSS的服务器上。
cURL is returning this error: cURL返回此错误:
unable to load client key: -8178 (SEC_ERROR_BAD_KEY)
I tested again and on my computer is working fine but on server not. 我再次测试,在我的电脑上工作正常,但在服务器上没有。 I think it's because I used OpenSSL to generate certificates but on server is installed NSS.
我认为这是因为我使用OpenSSL生成证书,但在服务器上安装了NSS。
I can't find how to generate certificates with "certutil" or with "openssl" to be valid with NSS. 我找不到如何生成带有“certutil”或“openssl”的证书对NSS有效。
The failure was due to my PKCS#8 private key format: 失败是由于我的PKCS#8私钥格式:
- With a PKCS#8 private key - 使用PKCS#8私钥
-----BEGIN ENCRYPTED PRIVATE KEY-----
header -----BEGIN ENCRYPTED PRIVATE KEY-----
标题
or 要么
-----BEGIN PRIVATE KEY-----
header -----BEGIN PRIVATE KEY-----
标题
curl+openssl works, but not curl+nss+libnsspem.so curl + openssl有效,但不是curl + nss + libnsspem.so
- With a RSA private key - 使用RSA私钥
-----BEGIN RSA PRIVATE KEY-----
header -----BEGIN RSA PRIVATE KEY-----
标题
both curl+openssl and curl+nss+libnsspem.so work. curl + openssl和curl + nss + libnsspem.so工作。
So use this command openssl rsa -in key.pem -out newkey.pem
to remove the pass phrase on an RSA private key: 因此,使用此命令
openssl rsa -in key.pem -out newkey.pem
删除RSA私钥上的密码短语:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.