In Ubuntu, when I was trying to execute `openssl s_server -cert server.pem -www`, I get the following message:

```
unable to load certificate
3074300104:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE
```

Please help.

Sahithi
  • Welcome to Serverfault Sahithi. You will get a better response if you clean up the question a bit. I recommend making the subject more descriptive and something that people can understand. – Stefan Lasiewski Jan 28 '13 at 18:18
  • And state what you are trying to accomplish. Are you really trying to implement _a generic SSL/TLS server which listens for connections on a given port using SSL/TLS_ (from the `s_server` manpage)? – Stefan Lasiewski Jan 28 '13 at 18:25
  • Yes, Stefan. I am trying to launch the web server using the server.pem file, which should contain key and certificate. And I am trying to access the server using the following URL: https://PKILabServer.com:4433/ – Sahithi Jan 28 '13 at 18:44
  • Most people use Apache or NGINX to serve SSL content. `openssl s_server` is generally only used for debugging. Why are you using `openssl s_server`? What are you trying to accomplish? – Stefan Lasiewski Jan 28 '13 at 18:52

1 Answer

Is server.pem actually a certificate? Run

```
grep '^-----.*CERTIFICATE' server.pem
```

You should see the beginning and ending of the certificate:

```
server.pem:-----BEGIN CERTIFICATE-----
server.pem:-----END CERTIFICATE-----
```

If you don't see this output, you are not using a valid certificate.

Also, I note that you are running the following unusual command:

```
openssl s_server -cert server.pem -www
```

This command does:

  • `s_server` - starts a very basic openssl server
  • `-cert server.pem` - uses the certificate server.pem
  • `-www` - "sends a status message back to the client when it connects. This includes lots of information about the ciphers used and various session parameters. The output is in HTML format so this option will normally be used with a web browser."

`openssl s_server` is generally only used for debugging. Why are you using `openssl s_server`? What are you trying to accomplish?

Stefan Lasiewski
  • When I ran it, I got `-----BEGIN RSA PRIVATE KEY-----` `-----END RSA PRIVATE KEY-----` – Sahithi Jan 28 '13 at 18:16
  • server.pem contains certificate and key. – Sahithi Jan 28 '13 at 18:21
  • @Sahithi, as your command output shows, the file does *not* contain the certificate and key. `server.pem` only contains the key, and thus `-cert` is correct when it says `unable to load certificate`. There is no certificate. – Stefan Lasiewski Jan 28 '13 at 18:23
  • I have two files, server.key and server.crt. I tried to put them in a file server.pem using `cp server.key server.pem` and `cat server.crt >> server.pem` – Sahithi Jan 28 '13 at 18:29
  • I also checked `grep '^-----' server.crt`, but the beginning and ending of the certificate was not displayed. Is there a problem with the certificate? – Sahithi Jan 28 '13 at 18:30
  • Probably. Most PEM certificates contain those lines. But, please double-check that you are running the right command. Are you really trying to use `openssl` as a server? (see my comment above). – Stefan Lasiewski Jan 28 '13 at 18:43
  • Yes, I am using OpenSSL. – Sahithi Jan 28 '13 at 18:50
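
A stricter version of the `grep` check from the answer, as an added example that is not part of the original thread: it pairs up BEGIN/END lines (tolerating CRLF line endings) and reports whether a file holds a certificate, a key, both, or neither. The function names `pem_labels` and `pem_verdict` and the sample files are constructed for illustration; the base64 bodies are placeholders, not real key material.

```shell
# pem_labels FILE: print the label of every matched BEGIN/END pair, or
# MALFORMED where a block is cut off or its END label differs from its BEGIN.
pem_labels() {
    awk '
        function label(s) {
            sub(/^-----(BEGIN|END) /, "", s); sub(/-----[ \t\r]*$/, "", s)
            return s
        }
        /^-----BEGIN [A-Z0-9 ]+-----[ \t\r]*$/ {
            if (cur != "") print "MALFORMED"
            cur = label($0); next
        }
        /^-----END [A-Z0-9 ]+-----[ \t\r]*$/ {
            print (label($0) == cur ? cur : "MALFORMED"); cur = ""; next
        }
        END { if (cur != "") print "MALFORMED" }
    ' "$1"
}

# pem_verdict FILE: cert+key | cert-only | key-only | neither | malformed
pem_verdict() {
    labels=$(pem_labels "$1")
    has() { printf '%s\n' "$labels" | grep -Eqx "$1"; }
    if has 'MALFORMED'; then echo malformed; return; fi
    c=no; k=no
    has '(TRUSTED )?CERTIFICATE' && c=yes
    has '(RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY' && k=yes
    case "$c$k" in
        yesyes) echo cert+key ;;
        yesno)  echo cert-only ;;
        noyes)  echo key-only ;;  # the file in this thread: nothing for -cert to load
        *)      echo neither ;;   # no certificate or key armor (DER, CSR, empty file)
    esac
}

# Constructed sample files; the base64 bodies are placeholders, not real key material.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$d/server.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/server.crt"
    cat "$d/server.key" "$d/server.crt" > "$d/server.pem"
    for f in server.key server.crt server.pem; do
        printf '%s: %s\n' "$f" "$(pem_verdict "$d/$f")"
    done
    rm -rf "$d"
}
demo
```

A `key-only` verdict corresponds to the `unable to load certificate` error above, and `neither` is what a file without any PEM BEGIN/END lines produces.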