curl-users
Re[2]: Private key problem
Date: Thu, 5 Dec 2002 17:43:50 +0400
Hello Goetz Babin-Ebell.
>>>> ./curl --key ./private.key --cacert ./ca_new.txt -v --cert
>>>> ./www_site_com.crt https://secure.authorize.net/gateway/transact.dll
>>>>* About to connect() to secure.authorize.net:443
>>>>* Connected to secure.authorize.net (206.253.210.201) port 443
>>>>* unable to set private key file
>>>>* Closing connection #0
>>>>curl: (58) unable to set private key file
>> GBE> Is in www_site_com.crt your certificate ?
>> yes - it's 100% correct certificate from comodo.net or .org
>> GBE> the key in --key must match the cert in --cert ...
>> as private key we put private key generated by
>> openssl req -new -nodes -keyout myserver.key -out server.csr
GBE> what gives
GBE> openssl x509 -text -noout -in www_site_com.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:29:85:cd:98:3a:d1:a2:d1:c5:fa:2c:e2:8b:c9:a5
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=GB, O=Comodo Limited, OU=Comodo Trust Network, OU=Terms and Conditions of use: http://www.comodo.net/repository, OU=(c)2002 Comodo Limited, CN=Comodo Class 3 Security Services CA
        Validity
            Not Before: Nov 7 00:00:00 2002 GMT
            Not After : Nov 7 23:59:59 2003 GMT
        Subject: C=US/2.5.4.17=16601, ST=PA, L=Altoona/2.5.4.9=Altoona/2.5.4.9=RD 5 Box 3764, O=Taoti, OU=Taoti Enterprises, Inc., OU=InstantSSL, CN=www.taoti.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:F6:52:22:17:15:13:08:03:59:BF:18:95:9F:48:B4:B9:E9:FE:F8:66
            X509v3 Subject Key Identifier:
                2A:3F:96:2F:6A:0E:92:B8:22:BE:81:A8:26:BA:D5:DF:BF:48:0E:A7
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.6449.1.2.1.3.4
                  CPS: https://secure.comodo.net/CPS
            X509v3 CRL Distribution Points:
                URI:http://crl.comodo.net/Class3SecurityServices_2.crl
                URI:http://crl.comodoca.com/Class3SecurityServices_2.crl
                email:Class3SecurityServices_2_at_crl.comodo.net
            Netscape Cert Type:
                SSL Client, SSL Server
    Signature Algorithm: sha1WithRSAEncryption
GBE> And try
GBE> openssl s_client -connect secure.authorize.net:443 \
GBE> -key ./private.key -cert ./www_site_com.crt -debug
unable to get private key from './private.key'
6720:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:279:
GBE> But why give you a client key/cert ?
GBE> the site requires no client authentication....
If I try to connect without defining certificates and a key, using
openssl s_client -connect secure.authorize.net:443 -debug
it shows
....
---
Certificate chain
 0 s:/C=US/ST=Utah/L=Provo/O=AUTHORIZE.NET CORPORATION/OU=DEVELOPMENT/OU=Terms of use at www.verisign.com/RPA (c)01/CN=SECURE.AUTHORIZE.NET
   i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
---
Server certificate
subject=/C=US/ST=Utah/L=Provo/O=AUTHORIZE.NET CORPORATION/OU=DEVELOPMENT/OU=Terms of use at www.verisign.com/RPA (c)01/CN=SECURE.AUTHORIZE.NET
issuer=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
---
No client certificate CA names sent
---
SSL handshake has read 800 bytes and written 306 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 531D0000E4CE181614671359991D64688DB18E069E13D04CF021EF105205746E
    Session-ID-ctx:
    Master-Key: 2EEA12774E646150AE012325470035597A843D9260C711360B64C8DA966700DC0D54A010E7C47914C39D4C4584D664AF
    Key-Arg   : None
    Start Time: 1039116380
    Timeout   : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---

If I try
./curl -v https://secure.authorize.net/gateway/transact.dll
* About to connect() to secure.authorize.net:443
* Connected to secure.authorize.net (206.253.210.201) port 443
* error setting cerficate verify locations
* Closing connection #0
curl: (60) error setting cerficate verify locations

Maybe my private key is wrong? Maybe I did not generate private.key correctly? If so, how do I generate it correctly?
We are using curl for making payments via authorize.net ....

> here I entered for example GET / and pressed enter twice it showed
> me ....

HTTP/1.1 400 Bad Request
Server: Microsoft-IIS/5.0
Date: Thu, 05 Dec 2002 13:42:17 GMT
Content-Type: text/html
Content-Length: 87

<html><head><title>Error</title></head><body>The parameter is incorrect. </body></html>
read:errno=0

Received on 2002-12-05
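As an added example (not code from the original mail, curl or OpenSSL), the following POSIX shell script performs the same check that OpenSSL's X509_check_private_key does behind curl's "(58) unable to set private key file" and s_client's "key values mismatch": it compares the RSA modulus of a private key with the modulus of the certificate. It assumes the openssl command-line tool is installed; the self-signed fixture, the key names and the CN are constructed for the demonstration.

```shell
#!/bin/sh
# Added example for this thread (not from the original mail): reproduce the
# check OpenSSL's X509_check_private_key performs, which is what fails behind
# curl's "(58) unable to set private key file" and s_client's
# "key values mismatch". Assumes the openssl CLI is on PATH; every file name
# and the self-signed fixture below are constructed for the demonstration.

# RSA modulus of the public key inside a certificate, as "Modulus=<hex>".
cert_modulus() {
    openssl x509 -noout -modulus -in "$1"
}

# RSA modulus of a private key, in the same "Modulus=<hex>" form.
key_modulus() {
    openssl rsa -noout -modulus -in "$1"
}

# Succeed (exit 0) only when key and certificate carry the same modulus.
# A key produced by "openssl req -new -nodes -keyout ..." only passes this
# against the certificate the CA issued for *that* CSR, never another one.
key_matches_cert() {
    [ -n "$(key_modulus "$1")" ] &&
    [ "$(key_modulus "$1")" = "$(cert_modulus "$2")" ]
}

# Constructed fixture: a self-signed certificate with its own key, plus an
# unrelated key (the thread's situation: a CA-issued certificate paired with
# a key generated for a different CSR).
make_fixture() {
    fx=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=www.example.test" \
        -keyout "$fx/matching.key" -out "$fx/site.crt" >/dev/null 2>&1
    openssl genrsa -out "$fx/other.key" 2048 >/dev/null 2>&1
    echo "$fx"
}

demo() {
    d=$(make_fixture)
    for k in matching other; do
        if key_matches_cert "$d/$k.key" "$d/site.crt"; then
            echo "$k.key: modulus matches site.crt"
        else
            echo "$k.key: key values mismatch (curl would report error 58)"
        fi
    done
    rm -rf "$d"
}

demo
```

Run it against the real files with `key_matches_cert ./private.key ./www_site_com.crt` to confirm whether the pair curl is given belongs together; curl's error 60 in the same mail is a separate problem (the `--cacert` file could not be loaded) and is not covered by this check.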