Problems loading certficate

Andrew Webb Andrew.Webb at statpro.com
Fri Jul 27 10:26:44 EDT 2012


Trying to configure Shib SP on Windows / IIS 7.5 to read from our own
certificate, for signing authn requests.

 

For our self-signed cert I can lay my hands on its .crt, .csr, .key and
.pfx files.  For its root I have ca.crt and ca.key files.

 

I have put the self-signed cert's .crt and .key files on the server, and
have set the following in shibboleth2.xml:-

    <CredentialResolver type="File" key="C:\SamlCerts\revolutionsp.key"
certificate="C:\SamlCerts\revolutionsp.crt"
password="theCorrectPassword"/>

 

On restarting the Shibd Windows service I always get:-

2012-07-27 15:07:33 INFO XMLTooling.SecurityHelper : loading private key
from file (C:\SamlCerts\revolutionsp.key)

2012-07-27 15:07:33 ERROR OpenSSL : error code: 101077092 in
.\crypto\evp\evp_enc.c, line 467

2012-07-27 15:07:33 ERROR OpenSSL : error code: 151429221 in
.\crypto\pem\pem_lib.c, line 476

2012-07-27 15:07:33 CRIT Shibboleth.Application : error building
CredentialResolver: Unable to load private key from file
(C:\SamlCerts\revolutionsp.key).

 

Any idea?  Is there a way to get more meaningful messages from OpenSSL?
Should I be referencing the ca.* files via chaining?  Should be .pfx
file be used?

 

 



This message is private and confidential. If you have received this message in error, please notify us and remove it from your system. Any views or opinions presented in this email are solely those of the author and might not represent those of StatPro. Warning: Although StatPro has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20120727/ea7739cf/attachment.html 


More information about the users mailing list