[hunchentoot-devel] Running Hunchentoot with ssl

Hello, I'm trying to figure out how to run Hunchentoot with SSL but I'm getting lost. I'm using it under a gentoo linux installation. I think the problem is with my ssl certificate file.

To create it I use `openssl genrsa -out File.pem 1024`, but

    (defparameter *x* (hunchentoot:start-server :port 4443 :ssl-certificate-file #P"/home/kiuma/File.pem"))

does not start the server.

Does anybody know how to create a test certificate file with openssl or another tool?

Thanks in advance, kiuma

I always use the How To's found on the OpenSSL website which you can find here http://www.openssl.org/docs/HOWTO/
_______________________________________________ tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel

I also just noticed that you didn't provide the private key file input to your start server function. Try something like:

    (hunchentoot::start-server :port 443
                               ;:ssl-privatekey-password <password to key file if version of lisp supports this>
                               :ssl-certificate-file *ssl-certificate-path*
                               :ssl-privatekey-file *ssl-private-key-path*)

You will need both the certificate and private key files to start a secure server. The howto listed below provides the directions, make sure you use the instructions on a self-signed certificate when producing the certificate file.

Brian wrote:
> I always use the How To's found on the OpenSSL website which you can find here
> http://www.openssl.org/docs/HOWTO/

Into /home/kiuma/pem I've executed:

    openssl genrsa -out CA.key 1024
    openssl req -new -key CA.key -x509 -days 1095 -out CA.crt

    Country Name (2 letter code) [AU]:IT
    State or Province Name (full name) [Some-State]:Milano
    Locality Name (eg, city) []:Monza
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:wingstech.priv
    Organizational Unit Name (eg, section) []:kasa.wingstech.priv
    Common Name (eg, YOUR name) []:Chiumenti Andrea
    Email Address []:my@e.mail

Then in slime repl:

    (defparameter *x* (hunchentoot:start-server :port 4443
                                                :ssl-certificate-file #P"/home/kiuma/pem/CA.key"
                                                :ssl-certificate-file #P"/home/kiuma/pem/CA.crt"))

The server stays mute :((

Stupid me: I didn't check out the logs

    [2008-01-04 19:46:13 [ERROR]] Error while processing connection: SSL initialization error: Can't load RSA private key ~A

What does it mean?

The code you included below for starting the server has a typo in it. You provided the keyword :ssl-certificate-file twice. Try using this instead

    (defparameter *x* (hunchentoot:start-server :port 4443
                                                :ssl-privatekey-file #P"/home/kiuma/pem/CA.key"
                                                :ssl-certificate-file #P"/home/kiuma/pem/CA.crt"))

Also I assume you want port 4443 and not the standard 443

Andrea Chiumenti wrote:
> then in slime repl:
> (defparameter *x* (hunchentoot:start-server :port 4443 :ssl-certificate-file #P"/home/kiuma/pem/CA.key" :ssl-certificate-file #P"/home/kiuma/pem/CA.crt"))
> The server stays mute :((

Thank you very much, it's working now!

Brian, of course I had already given a look to HOWTOs. ;-p

Try the following:

1. Create the private key file

       openssl genrsa -out privkey.pem 2048

2. Then create the certificate using the private key

       openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

3. (hunchentoot::start-server :port 443 :ssl-certificate-file "cacert.pem" :ssl-privatekey-file "privkey.pem")
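Added example, not part of the thread and not Hunchentoot code: a shell pre-flight check for the two files the messages above pass to :ssl-certificate-file and :ssl-privatekey-file. It repeats the two openssl steps non-interactively, then confirms that each file is the kind its keyword expects and that the key matches the certificate. The function names and the /CN=localhost subject are assumptions made for the example.

```shell
#!/bin/sh
# Added example: pre-flight check for a Hunchentoot certificate/key pair.

# make_test_pair DIR: the thread's two openssl steps, non-interactive.
# The subject /CN=localhost is a constructed test value.
make_test_pair() {
    openssl genrsa -out "$1/privkey.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/privkey.pem" -out "$1/cacert.pem" \
        -days 1095 -subj "/CN=localhost" 2>/dev/null &&
    chmod 600 "$1/privkey.pem"   # keep the key readable by its owner only
}

# pem_kind FILE: classify a PEM file by its first BEGIN line.
pem_kind() {
    case "$(sed -n '/-----BEGIN /{p;q;}' "$1" 2>/dev/null)" in
        *"CERTIFICATE REQUEST"*)         echo csr ;;
        *"BEGIN CERTIFICATE"*)           echo certificate ;;
        *"BEGIN ENCRYPTED PRIVATE KEY"*) echo encrypted-key ;;
        *"PRIVATE KEY"*)                 echo private-key ;;
        *)                               echo unknown ;;
    esac
}

# check_tls_pair CERT KEY
# Returns 0 if CERT is a certificate, KEY is a private key, and both carry
# the same public key; 2 if CERT is the wrong kind of file (for example a key
# passed as the certificate), 3 if KEY is, 1 if the pair does not match.
check_tls_pair() {
    cert=$1; key=$2
    kind=$(pem_kind "$cert")
    if [ "$kind" != certificate ]; then
        echo "$cert: expected a certificate, found $kind" >&2; return 2
    fi
    kind=$(pem_kind "$key")
    if [ "$kind" != private-key ]; then
        echo "$key: expected an unencrypted private key, found $kind" >&2; return 3
    fi
    # Both commands print the public key as PEM, so the text can be compared.
    # "-passin pass:" keeps openssl from prompting if the key is encrypted.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "$key does not match the public key in $cert" >&2; return 1
    fi
    echo "ok: $cert and $key belong together"
}

# Usage: sh check.sh cacert.pem privkey.pem
if [ "$#" -eq 2 ]; then check_tls_pair "$1" "$2"; fi
```

A return code of 2 is what the call with :ssl-certificate-file given twice would have produced, since the key file sat in the certificate slot.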
participants (2)
- Andrea Chiumenti
- Brian