diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2000-03-25 02:38:28 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2000-03-25 02:38:28 +0000 |
| commit | afee764c4a173e7dff52dbf59612e2418acc7cb7 (patch) | |
| tree | f98eeb52cbdae79205d18ccd873f0dca58f91b64 /FAQ | |
| parent | 2d99cee790041acbf345bc0b04ea308ce76cd092 (diff) | |
Update docs.
Diffstat (limited to 'FAQ')
| -rw-r--r-- | FAQ | 32 |
1 files changed, 32 insertions, 0 deletions
@@ -13,6 +13,9 @@ OpenSSL - Frequently Asked Questions * Why do I get errors about unknown algorithms? * How do I create certificates or certificate requests? * Why can't I create certificate requests? +* Why does <SSL program> fail with a certificate verify error? +* How can I create DSA certificates? +* Why can't I make an SSL connection using a DSA certificate? * Why can't the OpenSSH configure script detect OpenSSL? @@ -156,6 +159,7 @@ on how to obtain and install the free GNU C compiler. A number of Linux and *BSD distributions include OpenSSL. + * I've compiled a program under Windows and it crashes: why? This is usually because you've missed the comment in INSTALL.W32. You @@ -191,6 +195,34 @@ This is because it can't find the configuration file. Check out the DIAGNOSTICS section of req(1) for more information. +* Why does <SSL program> fail with a certificate verify error? + +This problem is usually indicated by log messages saying something like +"unable to get local issuer certificate" or "self signed certificate". +When a certificate is verified its root CA must be "trusted" by OpenSSL +this typically means that the CA certificate must be placed in a directory +or file and the relevant program configured to read it. The OpenSSL program +'verify' behaves in a similar way and issues similar error messages: check +the verify(1) program manual page for more information. + + +* How can I create DSA certificates? + +Check the CA.pl(1) manual page for a DSA certificate example. + + +* Why can't I make an SSL connection to a server using a DSA certificate? + +Typically you'll see a message saying there are no shared ciphers when +the same setup works fine with an RSA certificate. There are two possible +causes. The client may not support connections to DSA servers most web +browsers only support connections to servers supporting RSA cipher suites. +The other cause is that a set of DH parameters has not been supplied to +the server. DH parameters can be created with the dhparam(1) command and +loaded using the SSL_CTX_set_tmp_dh() for example: check the source to +s_server in apps/s_server.c for an example. + + * Why can't the OpenSSH configure script detect OpenSSL? There is a problem with OpenSSH 1.2.2p1, in that the configure script |