Discussion forum about ELOG
Certificate Error, posted by John Lemko on Tue Dec 8 18:57:31 2009 Elog_Error.jpg
    Re: Certificate Error, posted by Gerhard Schneider on Tue Dec 8 19:22:06 2009
       Re: Certificate Error, posted by John Lemko on Tue Dec 8 19:34:11 2009
          Re: Certificate Error, posted by Gerhard Schneider on Tue Dec 8 19:47:56 2009
             Re: Certificate Error, posted by John Lemko on Tue Dec 8 22:06:47 2009
          Re: Certificate Error, posted by Stefan Ritt on Tue Dec 8 20:16:59 2009
             Re: Certificate Error, posted by John Lemko on Tue Dec 8 21:57:37 2009
Message ID: 66649     Entry time: Tue Dec 8 22:06:47 2009     In reply to: 66646
Icon: Reply  Author: John Lemko  Author Email: jlemko@hotmail.com 
Category: Question  OS: Windows  ELOG Version: latest 
Subject: Re: Certificate Error 
> > 
> > The certificate that is on there right now is the one that gets created when you install elogs.  I have tried 
> > creating one with a Windows Server 2008 box with the CA role installed.  The certificate is created without issue 
> > and I can install it on the server but when I try to restart the elog service it won't start until I put the 
> > original server.crt and server.key file back into the ssl directory.  
> > 
> 
> I don't know anything about Windows server CA, but eLog is very strict in the syntax of the CERTs.
> I had to learn it the hard way when installing a chain CERT.
> 
> For server.crt and server.key it MUST NOT be a chain cert. Therefore you have to use chain.crt
> 
> Are the generated CERTs ASCII (with only one -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- in server.crt
> and -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- in server.key)?
> 
> So the eLog generated keys should look like..
> 
> GS

Thanks for your reply.  I appreciate it a lot.

When I created my certificate it came out as a .cer [there was no .key file] and looking at the code that was posted 
below it looks like unless there is a server.crt and server.key file in the ssl folder the program will exit.  So I 
guess I need to figure out how to generate a certificate that elog will understand using a .key file and a .crt file.  
So I might have to research certificates more.

To be honest I'm not an expert on SSL. I just use the following code inside ELOG to initialize the SSL connection:

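#include <openssl/ssl.h>

/* resource_dir, file_exist(), eprintf(), strlcpy() and strlcat() are
   defined elsewhere in the ELOG source */

SSL_CTX *init_ssl(void)
{
   char str[256];
   const SSL_METHOD *meth;
   SSL_CTX *ctx;

   SSL_library_init();
   SSL_load_error_strings();

   meth = SSLv23_method();
   ctx = SSL_CTX_new(meth);
   if (ctx == NULL)
      return NULL;

   /* server certificate, must be PEM (ASCII) */
   strlcpy(str, resource_dir, sizeof(str));
   strlcat(str, "ssl/server.crt", sizeof(str));
   if (!file_exist(str)) {
      eprintf("Cerificate file \"%s\" not found, aborting\n", str);
      return NULL;
   }
   /* the OpenSSL loaders return 1 on success, so test for != 1, not < 0 */
   if (SSL_CTX_use_certificate_file(ctx, str, SSL_FILETYPE_PEM) != 1)
      return NULL;

   /* private key belonging to server.crt, must be PEM (ASCII) */
   strlcpy(str, resource_dir, sizeof(str));
   strlcat(str, "ssl/server.key", sizeof(str));
   if (!file_exist(str)) {
      eprintf("Key file \"%s\" not found, aborting\n", str);
      return NULL;
   }
   if (SSL_CTX_use_PrivateKey_file(ctx, str, SSL_FILETYPE_PEM) != 1)
      return NULL;
   /* verify that the key matches the certificate loaded above */
   if (SSL_CTX_check_private_key(ctx) != 1)
      return NULL;

   /* optional chain file; its return value is not checked */
   strlcpy(str, resource_dir, sizeof(str));
   strlcat(str, "ssl/chain.crt", sizeof(str));
   if (file_exist(str))
      SSL_CTX_use_certificate_chain_file(ctx, str);

   return ctx;
}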
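
A structural check for the file format Gerhard describes above (ASCII PEM with exactly one BEGIN/END block per file), as an added example that is not part of the original posts or of ELOG. The function and enum names are hypothetical; it inspects bytes only and does not verify that the key matches the certificate.

```c
#include <stdio.h>
#include <string.h>

/* Added example: structural pre-check of ssl/server.crt / ssl/server.key contents.
   All names here are hypothetical, not ELOG functions. */
enum pem_status { PEM_OK, PEM_IS_DER, PEM_NO_BLOCK, PEM_MULTIPLE_BLOCKS, PEM_UNBALANCED };

/* Count non-overlapping occurrences of marker in the first len bytes of buf. */
static size_t count_marker(const char *buf, size_t len, const char *marker)
{
   size_t n = strlen(marker), count = 0, i = 0;

   while (i + n <= len) {
      if (memcmp(buf + i, marker, n) == 0) {
         count++;
         i += n;
      } else
         i++;
   }
   return count;
}

/* label is the PEM type expected in the file, e.g. "CERTIFICATE" or "RSA PRIVATE KEY". */
enum pem_status check_single_pem(const char *buf, size_t len, const char *label)
{
   char begin[64], end[64];
   size_t nb, ne;

   snprintf(begin, sizeof(begin), "-----BEGIN %s-----", label);
   snprintf(end, sizeof(end), "-----END %s-----", label);
   nb = count_marker(buf, len, begin);
   ne = count_marker(buf, len, end);

   if (nb == 0 && ne == 0) {
      /* Binary DER (a common .cer export format) starts with ASN.1 SEQUENCE tag 0x30. */
      if (len > 0 && (unsigned char) buf[0] == 0x30)
         return PEM_IS_DER;
      return PEM_NO_BLOCK;
   }
   if (nb != ne)
      return PEM_UNBALANCED;
   return nb == 1 ? PEM_OK : PEM_MULTIPLE_BLOCKS;
}

int main(void)
{
   /* Constructed sample: two concatenated blocks, i.e. a chain placed in server.crt. */
   const char chain[] = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
                        "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n";

   printf("chain in server.crt -> %d\n", check_single_pem(chain, strlen(chain), "CERTIFICATE"));
   return 0;
}
```

A result of PEM_IS_DER for a .cer file means it has to be converted to PEM before it can serve as server.crt, and the matching private key still has to be exported separately as server.key.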