Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3468
Views
6
Helpful
5
Replies

Please improve OpenSSL compatibility for SSL

Dirk Dittert
Level 1
Level 1

‎05-03-2014 02:39 PM

It would be nice if CSRs generated through the web interface were compliant with OpenSSL.

 

The problem is that CSRs can not be parsed by OpenSSL the way that they are shown in the HTML page:

openssl req -in csr.txt -noout -text says:

unable to load X509 request

139838211532448:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:pem_lib.c:805:

 

The reason for this is simple: OpenSSL expects the CSR to be wrapped after 64 characters but the SG300 generates them in a single line. Manually rewrapping the CSR allowed me to process the CSR in OpenSSL – but that's a fact that took about 8h to figure out...

 

Also: I was not able to import a public/private key combination that was generated through OpenSSL. One of the reasons is that the SG300 expects the banner for the public key to be BEGIN RSA PUBLIC KEY whereas OpenSSL seems to use BEGIN PUBLIC KEY. Even after fixing the header, all I managed to get was Failed to load public key. Finally, I gave up trying and used the CSR way to install the certificate. It would be great if the SSL handling were a little smoother. Thanks!

 

Firmware version is 1.3.7.18

Labels:
0 Helpful
5 Replies 5

chrebert
Level 4
Level 4