[CalendarServer-users] Exception thrown when using chained certificates
Nikola Knežević
laladelausanne at gmail.com
Thu Apr 4 22:19:29 PDT 2013
On Apr 3, 2013, at 1:15 , Glyph wrote:
> OK, Nikola, I can't seem to reproduce your issue myself. If you have any other information that you think is germane, please let me know. Can you load the certificate with OpenSSL? Can you point another web server at it - not caldavd - and speak to clients with it?
Hi Glyph,
I also tried the certificates with Apache - it works. However, when starting Apache, I was prompted for caldav-server.key's password. Maybe that is causing problems for twisted? If so, how could I create a passwordless key, if possible?
OpenSSL correctly verifies the certificate:
/tmp/keys % openssl verify -verbose -CAfile chain.crt -purpose sslserver caldav-server.crt
caldav-server.crt: OK
/tmp/keys % perl -n0777e 'map { print "---\n"; open(CMD, "| openssl x509 -noout -subject -issuer");
quote> print CMD; close(CMD) } /^-----BEGIN.*?^-----END.*?\n/gsm' chain.crt
---
subject= /C=CH/ST=X/O=Nikola/CN=caldav-server
issuer= /C=CH/ST=X/O=Nikola/CN=Intermediate CA
---
subject= /C=CH/ST=X/O=Nikola/CN=Intermediate CA
issuer= /C=CH/ST=X/O=Nikola/CN=Root CA
---
subject= /C=CH/ST=X/O=Nikola/CN=Root CA
issuer= /C=CH/ST=X/O=Nikola/CN=Root CA
/tmp/keys % % openssl x509 -noout -text -in caldav-server.crt
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=CH, ST=X, O=Nikola, CN=Intermediate CA
Validity
Not Before: Mar 29 18:43:21 2013 GMT
Not After : Mar 28 18:43:21 2016 GMT
Subject: C=CH, ST=X, O=Nikola, CN=caldav-server
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
xx
Exponent: yy
Signature Algorithm: sha1WithRSAEncryption
uu
If it may help, these are python modules running on my system:
% pip list
Calendar-and-Contacts-Server (4.2.-r10865M-)
distribute (0.6.35)
kerberos (1.1.1)
opendirectory (1.0)
psutil (0.6.1)
pyasn1 (0.1.6)
pyasn1-modules (0.0.4)
pycalendar (2.0)
pycrypto (2.6)
pycrypto-on-pypi (2.3)
pydoctor (0.5b1)
PyGreSQL (4.1.1)
pyOpenSSL (0.13)
python-dateutil (2.1)
python-ldap (2.4.10)
pytz (2013b)
setproctitle (1.1.7)
six (1.3.0)
sqlparse (0.1.2)
Twisted (12.3.0)
wsgiref (0.1.2)
xattr (0.6.4)
zope.interface (4.0.5)
Thanks,
Nikola
More information about the calendarserver-users
mailing list