Hello, I'm trying to figure out how to run Hunchentoot with SSL but I'm getting lost. I'm using it under a gentoo linux installation. I think the problem is with my ssl certificete file.
to create it I use `openssl genrsa -out File.pem 1024` but since (defparameter *x* (hunchentoot:start-server :port 4443 :ssl-certificate-file #P"/home/kiuma/File.pem")) does not start the server.
Does anybody know how to create a test certificate file with openssl or another tool ?
Thanks in advance, kiuma
I always use the How To's found on the OpenSSL website which you can find here
http://www.openssl.org/docs/HOWTO/
Andrea Chiumenti wrote:
Hello, I'm trying to figure out how to run Hunchentoot with SSL but I'm getting lost. I'm using it under a gentoo linux installation. I think the problem is with my ssl certificete file.
to create it I use `openssl genrsa -out File.pem 1024` but since (defparameter *x* (hunchentoot:start-server :port 4443 :ssl-certificate-file #P"/home/kiuma/File.pem")) does not start the server.
Does anybody know how to create a test certificate file with openssl or another tool ?
Thanks in advance, kiuma
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
I also just noticed that you didn't provide the private key file input to your start server function. Try something like:
(hunchentoot::start-server :port 443 ;:ssl-privatekey-password <password to key file if version of lisp supports this> :ssl-certificate-file *ssl-certificate-path* :ssl-privatekey-file *ssl-private-key-path*)
You will need both the certificate and private key files to start a secure server. The howto listed below provides the directions, make sure you use the instructions on a self-signed certificate when producing the certificate file.
Brian wrote:
I always use the How To's found on the OpenSSL website which you can find here
http://www.openssl.org/docs/HOWTO/
Andrea Chiumenti wrote:
Hello, I'm trying to figure out how to run Hunchentoot with SSL but I'm getting lost. I'm using it under a gentoo linux installation. I think the problem is with my ssl certificete file.
to create it I use `openssl genrsa -out File.pem 1024` but since (defparameter *x* (hunchentoot:start-server :port 4443 :ssl-certificate-file #P"/home/kiuma/File.pem")) does not start the server.
Does anybody know how to create a test certificate file with openssl or another tool ?
Thanks in advance, kiuma
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
into /home/kiuma/pem I've executed:
openssl genrsa -out CA.key 1024 openssl req -new -key CA.key -x509 -days 1095 -out CA.crt
Country Name (2 letter code) [AU]:IT State or Province Name (full name) [Some-State]:Milano Locality Name (eg, city) []:Monza Organization Name (eg, company) [Internet Widgits Pty Ltd]:wingstech.priv Organizational Unit Name (eg, section) []:kasa.wingstech.priv Common Name (eg, YOUR name) []:Chiumenti Andrea Email Address []:my@e.mail
the in slime repl:
(defparameter *x* (hunchentoot:start-server :port 4443 :ssl-certificate-file #P"/home/kiuma/pem/CA.key" :ssl-certificate-file #P"/home/kiuma/pem/CA.crt"))
The server stays mute :(( On Jan 4, 2008 7:27 PM, Brian brian@liberatinginsight.com wrote:
I also just noticed that you didn't provide the private key file input to your start server function. Try something like:
(hunchentoot::start-server :port 443 ;:ssl-privatekey-password <passwordto key file if version of lisp supports this> :ssl-certificate-file *ssl-certificate-path* :ssl-privatekey-file *ssl-private-key-path*)
You will need both the certificate and private key files to start a secure server. The howto listed below provides the directions, make sure you use the instructions on a self-signed certificate when producing the certificate file.
Brian wrote:
I always use the How To's found on the OpenSSL website which you can find here
http://www.openssl.org/docs/HOWTO/
Andrea Chiumenti wrote:
Hello, I'm trying to figure out how to run Hunchentoot with SSL but I'm getting lost. I'm using it under a gentoo linux installation. I think the problem is with my ssl certificete file.
to create it I use `openssl genrsa -out File.pem 1024` but since (defparameter *x* (hunchentoot:start-server :port 4443 :ssl-certificate-file #P"/home/kiuma/File.pem")) does not start the server.
Does anybody know how to create a test certificate file with openssl or another tool ?
Thanks in advance, kiuma
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
Stupid me: Ididn't checkout the logs [2008-01-04 19:46:13 [ERROR]] Error while processing connection: SSL initialization error: Can't load RSA private key ~A
what does it mean ?
On Jan 4, 2008 7:41 PM, Andrea Chiumenti kiuma72@gmail.com wrote:
into /home/kiuma/pem I've executed:
openssl genrsa -out CA.key 1024 openssl req -new -key CA.key -x509 -days 1095 -out CA.crt
Country Name (2 letter code) [AU]:IT State or Province Name (full name) [Some-State]:Milano Locality Name (eg, city) []:Monza Organization Name (eg, company) [Internet Widgits Pty Ltd]:wingstech.priv Organizational Unit Name (eg, section) []:kasa.wingstech.priv Common Name (eg, YOUR name) []:Chiumenti Andrea Email Address []:my@e.mail
the in slime repl:
(defparameter *x* (hunchentoot:start-server :port 4443 :ssl-certificate-file #P"/home/kiuma/pem/CA.key" :ssl-certificate-file #P"/home/kiuma/pem/CA.crt"))
The server stays mute :((
On Jan 4, 2008 7:27 PM, Brian brian@liberatinginsight.com wrote:
I also just noticed that you didn't provide the private key file input to your start server function. Try something like:
(hunchentoot::start-server :port 443 ;:ssl-privatekey-password <passwordto key file if version of lisp supports this> :ssl-certificate-file *ssl-certificate-path* :ssl-privatekey-file *ssl-private-key-path*)
You will need both the certificate and private key files to start a secure server. The howto listed below provides the directions, make sure you use the instructions on a self-signed certificate when producing the
certificate file.
Brian wrote:
I always use the How To's found on the OpenSSL website which you can find here
http://www.openssl.org/docs/HOWTO/
Andrea Chiumenti wrote:
Hello, I'm trying to figure out how to run Hunchentoot with SSL but I'm getting lost. I'm using it under a gentoo linux installation. I think the problem is with my ssl certificete file.
to create it I use `openssl genrsa -out File.pem 1024` but since (defparameter *x* (hunchentoot:start-server :port 4443 :ssl-certificate-file #P"/home/kiuma/File.pem")) does not start the server.
Does anybody know how to create a test certificate file with openssl or another tool ?
Thanks in advance, kiuma
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
The code you included below for starting the server has a typo in it. You provided the keywork :ssl-certificate-file twice. Try using this instead
(defparameter *x* (hunchentoot:start-server :port 4443 :ssl-privatekey-file #P"/home/kiuma/pem/CA.key" :ssl-certificate-file #P"/home/kiuma/pem/CA.crt"))
Also I assume you want port 4443 and not the standard 443
Andrea Chiumenti wrote:
into /home/kiuma/pem I've executed:
openssl genrsa -out CA.key 1024 openssl req -new -key CA.key -x509 -days 1095 -out CA.crt
Country Name (2 letter code) [AU]:IT State or Province Name (full name) [Some-State]:Milano Locality Name (eg, city) []:Monza Organization Name (eg, company) [Internet Widgits Pty Ltd]:wingstech.priv Organizational Unit Name (eg, section) []:kasa.wingstech.priv Common Name (eg, YOUR name) []:Chiumenti Andrea Email Address []:my@e.mail mailto:my@e.mail
the in slime repl:
(defparameter *x* (hunchentoot:start-server :port 4443 :ssl-certificate-file #P"/home/kiuma/pem/CA.key" :ssl-certificate-file #P"/home/kiuma/pem/CA.crt"))
The server stays mute :(( On Jan 4, 2008 7:27 PM, Brian <brian@liberatinginsight.com mailto:brian@liberatinginsight.com> wrote:
I also just noticed that you didn't provide the private key file input to your start server function. Try something like: (hunchentoot::start-server :port 443 ;:ssl-privatekey-password <password to key file if version of lisp supports this> :ssl-certificate-file *ssl-certificate-path* :ssl-privatekey-file *ssl-private-key-path*) You will need both the certificate and private key files to start a secure server. The howto listed below provides the directions, make sure you use the instructions on a self-signed certificate when producing the certificate file. Brian wrote: > I always use the How To's found on the OpenSSL website which you can > find here > > http://www.openssl.org/docs/HOWTO/ > > > > Andrea Chiumenti wrote: >> Hello, >> I'm trying to figure out how to run Hunchentoot with SSL but I'm >> getting lost. >> I'm using it under a gentoo linux installation. >> I think the problem is with my ssl certificete file. >> >> to create it I use `openssl genrsa -out File.pem 1024` but since >> (defparameter *x* (hunchentoot:start-server :port 4443 >> :ssl-certificate-file #P"/home/kiuma/File.pem")) does not start the >> server. >> >> Does anybody know how to create a test certificate file with openssl >> or another tool ? >> >> Thanks in advance, >> kiuma >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> tbnl-devel site list >> tbnl-devel@common-lisp.net <mailto:tbnl-devel@common-lisp.net> >> http://common-lisp.net/mailman/listinfo/tbnl-devel <http://common-lisp.net/mailman/listinfo/tbnl-devel> > > _______________________________________________ > tbnl-devel site list > tbnl-devel@common-lisp.net <mailto:tbnl-devel@common-lisp.net> > http://common-lisp.net/mailman/listinfo/tbnl-devel > > _______________________________________________ tbnl-devel site list tbnl-devel@common-lisp.net <mailto:tbnl-devel@common-lisp.net> http://common-lisp.net/mailman/listinfo/tbnl-devel
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
Thank you very much, it's working now!
On Jan 4, 2008 8:03 PM, Brian brian@liberatinginsight.com wrote:
The code you included below for starting the server has a typo in it. You provided the keywork :ssl-certificate-file twice. Try using this instead
(defparameter *x* (hunchentoot:start-server :port 4443 :ssl-privatekey-file #P"/home/kiuma/pem/CA.key" :ssl-certificate-file #P"/home/kiuma/pem/CA.crt"))
Also I assume you want port 4443 and not the standard 443
Andrea Chiumenti wrote:
into /home/kiuma/pem I've executed:
openssl genrsa -out CA.key 1024 openssl req -new -key CA.key -x509 -days 1095 -out CA.crt
Country Name (2 letter code) [AU]:IT State or Province Name (full name) [Some-State]:Milano Locality Name (eg, city) []:Monza Organization Name (eg, company) [Internet Widgits Pty Ltd]:
wingstech.priv
Organizational Unit Name (eg, section) []:kasa.wingstech.priv Common Name (eg, YOUR name) []:Chiumenti Andrea Email Address []:my@e.mail mailto:my@e.mail
the in slime repl:
(defparameter *x* (hunchentoot:start-server :port 4443 :ssl-certificate-file #P"/home/kiuma/pem/CA.key" :ssl-certificate-file #P"/home/kiuma/pem/CA.crt"))
The server stays mute :(( On Jan 4, 2008 7:27 PM, Brian <brian@liberatinginsight.com mailto:brian@liberatinginsight.com> wrote:
I also just noticed that you didn't provide the private key fileinput
to your start server function. Try something like: (hunchentoot::start-server :port 443 ;:ssl-privatekey-password <password to key file if version of lisp supports this> :ssl-certificate-file *ssl-certificate-path* :ssl-privatekey-file *ssl-private-key-path*) You will need both the certificate and private key files to start a secure server. The howto listed below provides the directions, make sure you use the instructions on a self-signed certificate when producing the certificate file. Brian wrote: > I always use the How To's found on the OpenSSL website which youcan
> find here > > http://www.openssl.org/docs/HOWTO/ > > > > Andrea Chiumenti wrote: >> Hello, >> I'm trying to figure out how to run Hunchentoot with SSL but I'm >> getting lost. >> I'm using it under a gentoo linux installation. >> I think the problem is with my ssl certificete file. >> >> to create it I use `openssl genrsa -out File.pem 1024` but since >> (defparameter *x* (hunchentoot:start-server :port 4443 >> :ssl-certificate-file #P"/home/kiuma/File.pem")) does not startthe
>> server. >> >> Does anybody know how to create a test certificate file with openssl >> or another tool ? >> >> Thanks in advance, >> kiuma >>
>> >> _______________________________________________ >> tbnl-devel site list >> tbnl-devel@common-lisp.net <mailto:tbnl-devel@common-lisp.net> >> http://common-lisp.net/mailman/listinfo/tbnl-devel <http://common-lisp.net/mailman/listinfo/tbnl-devel> > > _______________________________________________ > tbnl-devel site list > tbnl-devel@common-lisp.net <mailto:tbnl-devel@common-lisp.net> > http://common-lisp.net/mailman/listinfo/tbnl-devel > > _______________________________________________ tbnl-devel site list tbnl-devel@common-lisp.net <mailto:tbnl-devel@common-lisp.net> http://common-lisp.net/mailman/listinfo/tbnl-devel
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
Brian, of course I had already given a look to HOWTOs. ;-p
On Jan 4, 2008 7:11 PM, Brian brian@liberatinginsight.com wrote:
I always use the How To's found on the OpenSSL website which you can find here
http://www.openssl.org/docs/HOWTO/
Andrea Chiumenti wrote:
Hello, I'm trying to figure out how to run Hunchentoot with SSL but I'm getting lost. I'm using it under a gentoo linux installation. I think the problem is with my ssl certificete file.
to create it I use `openssl genrsa -out File.pem 1024` but since (defparameter *x* (hunchentoot:start-server :port 4443 :ssl-certificate-file #P"/home/kiuma/File.pem")) does not start the server.
Does anybody know how to create a test certificate file with openssl or another tool ?
Thanks in advance, kiuma
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
Try the following:
1. Create the private key file
openssl genrsa -out privkey.pem 2048
2. Then create the certificate using the private key
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
3. (hunchentoot::start-server :port 443
:ssl-certificate-file "cacert.pem" :ssl-privatekey-file "privkey.pem")
Andrea Chiumenti wrote:
Brian, of course I had already given a look to HOWTOs. ;-p
On Jan 4, 2008 7:11 PM, Brian <brian@liberatinginsight.com mailto:brian@liberatinginsight.com> wrote:
I always use the How To's found on the OpenSSL website which you can find here http://www.openssl.org/docs/HOWTO/ Andrea Chiumenti wrote: > Hello, > I'm trying to figure out how to run Hunchentoot with SSL but I'm > getting lost. > I'm using it under a gentoo linux installation. > I think the problem is with my ssl certificete file. > > to create it I use `openssl genrsa -out File.pem 1024` but since > (defparameter *x* (hunchentoot:start-server :port 4443 > :ssl-certificate-file #P"/home/kiuma/File.pem")) does not start the > server. > > Does anybody know how to create a test certificate file with openssl > or another tool ? > > Thanks in advance, > kiuma > ------------------------------------------------------------------------ > > _______________________________________________ > tbnl-devel site list > tbnl-devel@common-lisp.net <mailto:tbnl-devel@common-lisp.net> > http://common-lisp.net/mailman/listinfo/tbnl-devel _______________________________________________ tbnl-devel site list tbnl-devel@common-lisp.net <mailto:tbnl-devel@common-lisp.net> http://common-lisp.net/mailman/listinfo/tbnl-devel
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
-
Andrea Chiumenti -
Brian