> >
> > The certificate that is on there right now is the one that gets created when you install elogs. I have tried
> > creating one with a Windows Server 2008 box with the CA role installed. The certificate is created without issue
> > and I can install it on the server, but when I try to restart the elog service it won't start until I put the
> > original server.crt and server.key file back into the ssl directory.
> >
>
> I don't know anything about Windows server CA, but eLog is very strict in the syntax of the CERTs.
> I had to learn it the hard way when installing a chain CERT.
>
> For server.crt and server.key it MUST NOT be a chain cert. Therefore you have to use chain.crt
>
> Are the generated CERTs ASCII (with only one -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- in
> server.crt and -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- in server.key)?
>
> So the eLog generated keys should look like..
>
> GS
Thanks for your reply. I appreciate it a lot.
When I created my certificate it came out as a .cer [there was no .key file] and looking at the code that was posted
below it looks like unless there is a server.crt and server.key file in the ssl folder the program will exit. So I
guess I need to figure out how to generate a certificate that elog will understand using a .key file and a .crt file.
So I might have to research certificates more.

To be honest, I'm not an expert on SSL. I just use the following code inside ELOG to initialize the SSL connection:

    #include <openssl/ssl.h>

    /* resource_dir, file_exist(), eprintf(), strlcpy() and strlcat() come from the rest of the ELOG source */

    SSL_CTX *init_ssl(void)
    {
       char str[256];
       const SSL_METHOD *meth;
       SSL_CTX *ctx;

       SSL_library_init();
       SSL_load_error_strings();

       meth = SSLv23_method();
       ctx = SSL_CTX_new(meth);
       if (ctx == NULL)
          return NULL;

       /* server certificate, PEM encoded */
       strlcpy(str, resource_dir, sizeof(str));
       strlcat(str, "ssl/server.crt", sizeof(str));
       if (!file_exist(str)) {
          eprintf("Cerificate file \"%s\" not found, aborting\n", str);
          return NULL;
       }
       /* OpenSSL returns 1 on success, so test for != 1 (a "< 0" test never fires) */
       if (SSL_CTX_use_certificate_file(ctx, str, SSL_FILETYPE_PEM) != 1)
          return NULL;

       /* private key, PEM encoded */
       strlcpy(str, resource_dir, sizeof(str));
       strlcat(str, "ssl/server.key", sizeof(str));
       if (!file_exist(str)) {
          eprintf("Key file \"%s\" not found, aborting\n", str);
          return NULL;
       }
       if (SSL_CTX_use_PrivateKey_file(ctx, str, SSL_FILETYPE_PEM) != 1)
          return NULL;

       /* the key must belong to the certificate loaded above */
       if (SSL_CTX_check_private_key(ctx) != 1)
          return NULL;

       /* chain.crt is optional */
       strlcpy(str, resource_dir, sizeof(str));
       strlcat(str, "ssl/chain.crt", sizeof(str));
       if (file_exist(str))
          SSL_CTX_use_certificate_chain_file(ctx, str);

       return ctx;
    }
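
A pre-flight check for the file layout discussed in this thread (one certificate in server.crt, an RSA PRIVATE KEY block in server.key, chains in chain.crt), added here as an example; it is not ELOG code and not from any poster. The names `classify` and `elog_ssl_file` are hypothetical, and the DER test is a heuristic on the first two bytes of the file.

```c
#include <stdio.h>
#include <string.h>
/* What a candidate file for ELOG's ssl/ directory contains. */
enum pem_kind { KIND_SINGLE_CERT, KIND_CERT_CHAIN, KIND_RSA_KEY, KIND_DER, KIND_UNKNOWN };

/* Count occurrences of a PEM marker; memcmp because DER data may hold NUL bytes. */
static size_t count_marker(const unsigned char *buf, size_t len, const char *marker)
{
    size_t mlen = strlen(marker), n = 0, i;
    for (i = 0; i + mlen <= len; i++)
        if (memcmp(buf + i, marker, mlen) == 0) n++;
    return n;
}

enum pem_kind classify(const unsigned char *buf, size_t len)
{
    size_t begins = count_marker(buf, len, "-----BEGIN CERTIFICATE-----");
    size_t ends = count_marker(buf, len, "-----END CERTIFICATE-----");
    if (begins > 0)   /* unbalanced markers mean a truncated or damaged file */
        return begins != ends ? KIND_UNKNOWN
             : begins == 1 ? KIND_SINGLE_CERT : KIND_CERT_CHAIN;
    if (count_marker(buf, len, "-----BEGIN RSA PRIVATE KEY-----") == 1 &&
        count_marker(buf, len, "-----END RSA PRIVATE KEY-----") == 1)
        return KIND_RSA_KEY;
    /* Heuristic: DER starts with an ASN.1 SEQUENCE tag (0x30) and a long-form length. */
    if (len >= 2 && buf[0] == 0x30 && (buf[1] & 0x80))
        return KIND_DER;
    return KIND_UNKNOWN;
}

/* File name from the thread that this content fits, or NULL if it needs converting. */
const char *elog_ssl_file(enum pem_kind kind)
{
    switch (kind) {
    case KIND_SINGLE_CERT: return "ssl/server.crt";
    case KIND_CERT_CHAIN:  return "ssl/chain.crt";
    case KIND_RSA_KEY:     return "ssl/server.key";
    default:               return NULL;
    }
}

int main(void)
{
    /* Constructed sample: leading bytes of a DER-encoded file, not a real certificate. */
    static const unsigned char der[] = { 0x30, 0x82, 0x03, 0x00, 0x30, 0x82 };
    const char *fit = elog_ssl_file(classify(der, sizeof der));
    printf("DER sample -> %s\n", fit ? fit : "not PEM, convert to PEM first");
    return 0;
}
```

A NULL result for a certificate exported as .cer means the file is not in the single-block PEM form that `SSL_FILETYPE_PEM` loading expects and has to be re-exported or converted before it goes into the ssl directory.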