python - "key values mismatch" when using context.use_certificate_chain_file -

-

when using context.use_certificate_chain_file key error (openssl.context python). error is:

traceback (most recent call last):   file "/home/user/public_html/application.py", line 363, in <module>     context.use_privatekey_file('/etc/ssl/private/' + hostname + '.key') openssl.ssl.error: [('x509 certificate routines', 'x509_check_private_key', 'key values mismatch')]

it saying key values mismatch, wouldn't think chain affect that.

if comment context.use_certificate_chain_file line, works (but gives ssl verification error in browser).

here snippet of code:

context = openssl.context(openssl.sslv23_method) context.set_options(openssl.op_no_sslv2) context.set_options(openssl.op_no_sslv3) context.use_certificate_file('/etc/ssl/certs/' + hostname + '.crt') context.use_certificate_chain_file('/etc/ssl/certs/' + hostname + '.cabundle') context.use_privatekey_file('/etc/ssl/private/' + hostname + '.key') context.set_cipher_list(':'.join(supported_ciphers))

any ideas why giving error?

any ideas why giving error?

the error propagated openssl. error 0x0b080074:

$ openssl errstr 0x0b080074 error:0b080074:x509 certificate routines:x509_check_private_key:key values mismatch

based on ssl install problem - “key value mismatch” (but match?), have 1 of 2 problems.

first, private key not match public key in certificate. second, certificate_chain_file missing intermediate certificates required build valid path server's certificate root. here, root ca signed certificate.

so fix either (1) ensure public/private key pair in fact pair, or (2) include necessary intermediate certificates in chain file.

without knowing private key ('/etc/ssl/private/' + hostname + '.key'), server certificate ('/etc/ssl/certs/' + hostname + '.crt') or contents of chain file ('/etc/ssl/certs/' + hostname + '.cabundle'), can't give more details on how fix it.

you can provide server's certificate with:

cat '/etc/ssl/certs/' + hostname + '.crt' | openssl x509 -text -noout

you can provide chain file cat'ing. 3 or 4 pem encoded certificates concatenated together:

cat `'/etc/ssl/certs/' + hostname + '.cabundle'`

Comments

Post a Comment

Popular posts from this blog

google chrome - Developer tools - How to inspect the elements which are added momentarily (by JQuery)? -

-
i looking @ how website designed using inspector in chrome. can use firefox developer tools or firefox web developer add-on or chrome web developer extension. so website has slide-show , using jquery it. looking @ markup , css in inspector, i see 2 things constantly changing slides change: one opacity css property understandable, i'd see changing values, changes fast see read anything. second- a div added in div slides change momentarily , moment when appears short notice except div . so question is there way stop slideshow can temporarily rid of blinking sort of effect (by speedy adding , removal , changing of elements , values)? where can inspect div element gets added such short moment , , gets removed? , can see changes in value of opacity takes place? is there way stop slideshow can temporarily rid of blinking sort of effect (by speedy adding , removal , changing of elements , values)? if opacity animated css transition or animation,
Read more

angularjs - Showing an empty as first option in select tag -

-
my app showing empty select field first entry. have read other solution given , tried still not working. my controller code is: .controller('usercreatecontroller', function(user,profile,auth) { alert("hello"); var vm = this; vm.type = 'create'; profile.all() //this service fetch profiles shown in select field .success(function(data){ vm.profile = data; }); vm.userdata.profile = vm.profile[0]; //here have set default value select field and html page is: <label class="col-sm-2 control-label">profile</label> <div class="col-sm-8"> <select ng-model="user.userdata.profile" ng-options="person._id person.profilename person in user.profile"> </select> </div> hierarchy of vm.profile { "_id": 46, "profile": objectid("5516498e95b84548156db754"), "isactive": true, "password": "$2
Read more

php - Cloud9 cloud IDE and CakePHP -

-
i attempting cakephp running on cloud9, cloud based ide. unaware, cloud collaboration ide intermixes services such bitbucket. site gives sudo rights, , installed cakephp using these instructions: https://www.digitalocean.com/community/tutorials/how-to-install-cakephp-on-an-ubuntu-12-04-vps when attempt run database exported machine cakephp installed, error message "url rewriting not configured on server." attempted solve issue using official guide cakephp: http://book.cakephp.org/2.0/en/installation/url-rewriting.html but no cigar, same error message. has gotten cakephp working, or aware of cloud ide free/low cost cloud9 support cakephp? here's how got working now: sudo apt-get update sudo apt-get install php5-intl curl -ss https://getcomposer.org/installer | php -- --filename=composer ./composer create-project --prefer-dist cakephp/app this creates project in /app default. move workspace docroot: mv app/* ./ mv app/.* ./ rm -rf app then de
Read more