[CalendarServer-users] Exception thrown when using chained certificates

Nikola Knežević laladelausanne at gmail.com
Thu Apr 4 22:19:29 PDT 2013 

On Apr 3, 2013, at 1:15 , Glyph wrote:
> OK, Nikola, I can't seem to reproduce your issue myself.  If you have any other information that you think is germane, please let me know.  Can you load the certificate with OpenSSL?  Can you point another web server at it - not caldavd - and speak to clients with it?


Hi Glyph,

I also tried the certificates with Apache - it works. However, when starting Apache, I was prompted for caldav-server.key's password. Maybe that is causing problems for twisted? If so, how could I create a passwordless key, if possible?


OpenSSL correctly verifies the certificate:

/tmp/keys % openssl verify -verbose -CAfile chain.crt -purpose sslserver caldav-server.crt
caldav-server.crt: OK

/tmp/keys % perl -n0777e 'map { print "---\n"; open(CMD, "| openssl x509 -noout -subject -issuer");
quote> print CMD; close(CMD) } /^-----BEGIN.*?^-----END.*?\n/gsm' chain.crt
---
subject= /C=CH/ST=X/O=Nikola/CN=caldav-server
issuer= /C=CH/ST=X/O=Nikola/CN=Intermediate CA
---
subject= /C=CH/ST=X/O=Nikola/CN=Intermediate CA
issuer= /C=CH/ST=X/O=Nikola/CN=Root CA
---
subject= /C=CH/ST=X/O=Nikola/CN=Root CA
issuer= /C=CH/ST=X/O=Nikola/CN=Root CA


/tmp/keys % % openssl x509 -noout -text -in caldav-server.crt
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CH, ST=X, O=Nikola, CN=Intermediate CA
        Validity
            Not Before: Mar 29 18:43:21 2013 GMT
            Not After : Mar 28 18:43:21 2016 GMT
        Subject: C=CH, ST=X, O=Nikola, CN=caldav-server
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    xx
                Exponent: yy
    Signature Algorithm: sha1WithRSAEncryption
        uu


If it may help, these are python modules running on my system:
% pip list
Calendar-and-Contacts-Server (4.2.-r10865M-)
distribute (0.6.35)
kerberos (1.1.1)
opendirectory (1.0)
psutil (0.6.1)
pyasn1 (0.1.6)
pyasn1-modules (0.0.4)
pycalendar (2.0)
pycrypto (2.6)
pycrypto-on-pypi (2.3)
pydoctor (0.5b1)
PyGreSQL (4.1.1)
pyOpenSSL (0.13)
python-dateutil (2.1)
python-ldap (2.4.10)
pytz (2013b)
setproctitle (1.1.7)
six (1.3.0)
sqlparse (0.1.2)
Twisted (12.3.0)
wsgiref (0.1.2)
xattr (0.6.4)
zope.interface (4.0.5)


Thanks,
Nikola

More information about the calendarserver-users mailing list