使用OpenSSL生成的SSL证书不能在NSS上工作 [英] SSL certificate generated with OpenSSL not working on NSS
问题描述
我在Linux Mint机器上使用OpenSSL生成SSL证书(key.pem,cacert.pem,pcert.pem)。现在我试图将我的应用程序移动到另一个服务器,其中安装了Fedora 18与NSS。
I have SSL certificate ( key.pem, cacert.pem, pcert.pem ) generated with OpenSSL on Linux Mint machine. Now I'm trying to move my application to another server where is installed Fedora 18 with NSS.
cURL返回此错误:
cURL is returning this error:
unable to load client key: -8178 (SEC_ERROR_BAD_KEY)
我再次测试,在我的电脑上工作正常,但在服务器不。我认为这是因为我使用OpenSSL来生成证书,但在服务器上安装了NSS。
I tested again and on my computer is working fine but on server not. I think it's because I used OpenSSL to generate certificates but on server is installed NSS.
我找不到如何使用certutil
I can't find how to generate certificates with "certutil" or with "openssl" to be valid with NSS.
推荐答案
失败是由于我的PKCS#8私钥格式:
- 使用PKCS#8私钥
----- BEGIN加密私钥KEY--
标题
或
----- BEGIN PRIVATE KEY -----
标题
curl + openssl工作,但不curl + nss + libnsspem.so
- 使用RSA私钥
----- BEGIN RSA私有密钥-----
头
curl + openssl和curl + nss + libnsspem.so工作。
The failure was due to my PKCS#8 private key format:
- With a PKCS#8 private key
-----BEGIN ENCRYPTED PRIVATE KEY-----
header
or
-----BEGIN PRIVATE KEY-----
header
curl+openssl works, but not curl+nss+libnsspem.so
- With a RSA private key
-----BEGIN RSA PRIVATE KEY-----
header
both curl+openssl and curl+nss+libnsspem.so work.
因此,使用此命令 openssl rsa -in key.pem -out newkey.pem
可删除密码RSA私钥:
So use this command openssl rsa -in key.pem -out newkey.pem
to remove the pass phrase on an RSA private key:
这篇关于使用OpenSSL生成的SSL证书不能在NSS上工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!