
I'm using boost::asio to establish an encrypted connection between client and server applications. I generated a private key file and a self-signed certificate in the following way:

```
openssl genrsa -out private_key.pem 2048
openssl req -new -key private_key.pem -out public_key.pem
```

The generated certificate is:

```
-----BEGIN CERTIFICATE REQUEST-----
...
-----END CERTIFICATE REQUEST-----
```

In my program code, I have the following initialization of SSL context structure:

```cpp
...
, m_sslContext(ssl::context::sslv23)
...
m_sslContext.set_verify_mode(ssl::verify_peer | ssl::verify_fail_if_no_peer_cert);
m_sslContext.use_rsa_private_key_file("private_key.pem", ssl::context::pem);
m_sslContext.use_certificate_file("public_key.pem", ssl::context::pem);
...
```

But the use_certificate_file method throws an exception with the message:

```
use_certificate_file: no start line
```

Why does the function fail, and what is the correct way to establish a secure connection with the boost::asio wrapper around OpenSSL?

bobeff
  • A public key isn't a certificate. – tkausl Jun 23 '16 at 15:05
  • According to [this](http://superuser.com/questions/620121/what-is-the-difference-between-a-certificate-and-a-key-with-respect-to-ssl) a certificate contains a public key, so I used it interchangeably. – bobeff Jun 23 '16 at 15:23
  • A certificate contains a public-key, yes. But a public-key does not contain a certificate. – tkausl Jun 23 '16 at 15:34
  • Oh well, your `public_key.pem` is neither a certificate nor a public-key. It's a certificate request. You have to process (sign) this certificate-request. – tkausl Jun 23 '16 at 15:35
  • http://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl – tkausl Jun 23 '16 at 15:40
  • Yes, I solved the problem when I generated the certificate in the way described in the post you pointed to. I will accept this answer if you post it as an answer. – bobeff Jun 23 '16 at 15:52

1 Answer


As discussed in the comments, a public-key isn't a certificate. Your public_key.pem however isn't a public-key either. It's a certificate-request which you'd normally send to a certificate-authority to sign it for you. Since you want to sign it yourself, you can check out How to create a self-signed certificate with openssl? to see how to sign your request.

tkausl
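OpenSSL reports "no start line" when the file has no PEM block with the label the loader expects. The following pre-flight check, added here as an example and not part of the original question or answer, reads the PEM block labels and says what a file actually holds before it is passed to `use_certificate_file`. The function names `pem_labels` and `certificate_file_problem` are hypothetical and the sample input is constructed.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Collect the label of every "-----BEGIN <label>-----" line in PEM text.
std::vector<std::string> pem_labels(const std::string& text) {
    static const std::string head = "-----BEGIN ", tail = "-----";
    std::vector<std::string> labels;
    std::istringstream in(text);
    for (std::string line; std::getline(in, line);) {
        while (!line.empty() && (line.back() == '\r' || line.back() == ' '))
            line.pop_back();  // tolerate CRLF and trailing spaces
        if (line.size() > head.size() + tail.size() &&
            line.compare(0, head.size(), head) == 0 &&
            line.compare(line.size() - tail.size(), tail.size(), tail) == 0)
            labels.push_back(line.substr(
                head.size(), line.size() - head.size() - tail.size()));
    }
    return labels;
}

// Hypothetical helper: returns an empty string when a certificate block is
// present, otherwise a short description of what the file holds instead.
std::string certificate_file_problem(const std::string& text) {
    const std::vector<std::string> labels = pem_labels(text);
    for (const std::string& l : labels)
        if (l == "CERTIFICATE" || l == "X509 CERTIFICATE") return "";
    if (labels.empty()) return "no PEM block found";
    const std::string& l = labels.front();
    if (l == "CERTIFICATE REQUEST" || l == "NEW CERTIFICATE REQUEST")
        return "certificate request (CSR): it still has to be signed";
    if (l == "PUBLIC KEY" || l == "RSA PUBLIC KEY")
        return "bare public key, not a certificate";
    if (l.find("PRIVATE KEY") != std::string::npos)
        return "private key, not a certificate";
    return "unexpected PEM block: " + l;
}

int main() {
    // Constructed sample: same header as the file in the question, body elided.
    const std::string csr =
        "-----BEGIN CERTIFICATE REQUEST-----\nMIIB\n"
        "-----END CERTIFICATE REQUEST-----\n";
    std::cout << certificate_file_problem(csr) << "\n";
}
```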