Date: Thu, 29 Aug 2024 11:00:23 +0200
List-Id: Porting FreeBSD to ARM processors
List-Archive: https://lists.freebsd.org/archives/freebsd-arm
Subject: Re: OT, self-signed ssl certificate generation
To: bob prohaska, freebsd-arm@freebsd.org
From: Ronald Klop

On 8/4/24 03:48, bob prohaska wrote:
> [no ssl list, posting here because it might be a platform issue]
>
> In trying to get ssl working for apache24 I tried to follow the
> instructions for self-signed certificate generation at
> https://docs.freebsd.org/en/books/handbook/security/index.html
> in section 16.8.1, Generating Certificates.
>
> The first example for generating a key and signing request
> behaved as expected, generating a cert.key and req.pem file.
>
> The second example, for a self-signed certificate, adjusted to:
> openssl req -new -x509 -days 365 -sha3-512 -keyout host.key -out host.crt

Hi,

This command works for me. So I think you should look further what fails.
That it does not prompt for user input sounds like openssl does not execute properly.
What is the exit code of running the command? Does it give any output?

Mine gives:
$ openssl req -new -x509 -days 365 -sha3-512 -keyout host.key -out host.crt
.+.+...+.....+.+...............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+...+...........+...+..........+...........................+......+..+.+.................+.........+...+...+..........+..............+.+..+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+..............+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+...+...+.+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.........+...+.+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:NL
State or Province Name (full name) [Some-State]:NH
Locality Name (eg, city) []:Amsterdam
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Henk
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:henk.example.org
Email Address []:henk@example.org

Regards,
Ronald.

> to place the output files in the working directory, generated only an
> empty host.key and no host.crt
>
> It also didn't prompt for user input, which the first example
> did ask for.
>
> Any hints as to what I'm doing wrong would be much appreciated!
>
> Thanks for reading,
>
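
Added example (not part of the message above or of the Handbook): a POSIX shell function that runs the command from the thread without prompts and keeps the exit status and stderr the reply asks about, then checks the files it produced. The function name diagnose_selfsigned, the file openssl.err, and the -subj and -passout values are assumptions made for this example.

```shell
#!/bin/sh
# Added example: the thread's command, run without prompts, with the exit
# status and stderr kept for inspection.

# diagnose_selfsigned DIR
# Leaves host.key, host.crt and openssl.err in DIR; returns openssl's status.
diagnose_selfsigned() {
    dir=$1
    command -v openssl >/dev/null 2>&1 || { echo "openssl not in PATH" >&2; return 127; }

    # Which build and which configuration directory are in use.
    openssl version -a | sed -n '1p;/^OPENSSLDIR/p'

    # -subj and -passout stand in for the DN and pass-phrase prompts.
    # Both values are constructed for this test run; discard the key afterwards.
    openssl req -new -x509 -days 365 -sha3-512 \
        -subj "/C=NL/ST=NH/L=Amsterdam/O=Henk/CN=henk.example.org" \
        -passout pass:example-only \
        -keyout "$dir/host.key" -out "$dir/host.crt" 2>"$dir/openssl.err"
    rc=$?
    echo "openssl req exit status: $rc"
    if [ "$rc" -ne 0 ]; then
        cat "$dir/openssl.err" >&2      # whatever openssl wrote to stderr
        return "$rc"
    fi

    # Status 0 with an empty key or a missing certificate is still a failure.
    if [ ! -s "$dir/host.key" ] || [ ! -s "$dir/host.crt" ]; then
        echo "host.key or host.crt is missing or empty" >&2
        return 1
    fi

    # Show what was issued, then check that the certificate verifies against itself.
    openssl x509 -in "$dir/host.crt" -noout -subject -enddate
    openssl x509 -in "$dir/host.crt" -noout -text | sed -n '/Signature Algorithm/{p;q;}'
    openssl verify -CAfile "$dir/host.crt" "$dir/host.crt"
}

workdir=$(mktemp -d)
diagnose_selfsigned "$workdir"
echo "files are in $workdir"
```

A non-zero status together with the contents of openssl.err separates a failing openssl run from a terminal or prompt problem.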