I'm using the example server from boost asio, and I'm failing to run that and getting this error,
Exception: use_private_key_file: key values mismatch
I'm changing ABSOLUTELY NOTHING in the program, except for keys and port.
I'm willing to use my own key authority, and it seems like there's a problem in the library, where it's not excluded that I could be doing something fundamentally wrong, so please assist.
In the program, I use the following lines for the keys:
context_.use_certificate_chain_file("../sslkeys/server.crt");
context_.use_private_key_file("../sslkeys/server.key", boost::asio::ssl::context::pem);
context_.use_tmp_dh_file("../sslkeys/dh512.pem");
And to create these keys, I do the following:
1- Create Certificate Authority (CA)
openssl genrsa -aes256 -out ca.key 4096
openssl req -new -x509 -extensions v3_ca -key ca.key -out ca.crt -days 36500
2- Create server key and sign it with the authority key
openssl genrsa -des3 -out server.key 2048
openssl x509 -req -days 3650 -in server.csr -signkey ../sslca/ca.key -out server.crt
cp server.key server.key.secure
openssl rsa -in server.key.secure -out server.key
openssl dhparam -out dh512.pem 1024
Now when I run the server with this configuration, I get that error... what am I doing wrong?
If you require any additional information, please ask.
EDIT:
So I checked the keys as suggested with the commands:
openssl rsa -noout -modulus -in server.key
openssl req -noout -modulus -in server.csr
openssl x509 -noout -modulus -in server.crt
And the first two produced the same key, while the last one is different. I have to confirm that the crt file is created using
openssl x509 -req -days 3650 -in server.csr -signkey ../sslca/ca.key -out server.crt
Suggestions? I mean if not matching key and certificate is a problem, then my signing method is wrong! What am I doing wrong?
According to the error output, the first step you could try is to make sure your certificate matches the private key by openssl commands. It might be done like this,
If the moduli are the same, which means the files are matched, then look into boost program. Otherwise, there might be a file mix-up.
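The modulus comparison discussed above, as an added example that is not part of the original posts: it builds a throwaway CA, signs the same CSR once with -signkey as in the question and once with -CA/-CAkey, and checks each certificate against server.key. The subject names, output file names, 30-day validity and unencrypted 2048-bit keys are assumptions made so the demo runs unattended.

```shell
#!/bin/sh
# Added example: throwaway, passphrase-less keys constructed for the demo.

# Print the RSA modulus of a key (rsa), CSR (req) or certificate (x509).
modulus() { openssl "$1" -noout -modulus -in "$2"; }

# Succeed only if private key $1 and certificate $2 hold the same modulus.
key_matches_cert() {
    [ "$(modulus rsa "$1")" = "$(modulus x509 "$2")" ]
}

# Create a CA, a server key and a CSR in directory $1 (names are assumptions).
make_inputs() {
    openssl genrsa -out "$1/ca.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/ca.key" -subj "/CN=Example CA" \
        -days 30 -out "$1/ca.crt" &&
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=server.example" \
        -out "$1/server.csr"
}

# As in the question: -signkey self-signs and embeds the signing key's
# public key, so the certificate ends up carrying the CA key's modulus.
sign_with_signkey() {
    openssl x509 -req -days 30 -in "$1/server.csr" \
        -signkey "$1/ca.key" -out "$1/signkey.crt" 2>/dev/null
}

# CA-issued: -CA/-CAkey sign the CSR and keep the server's public key.
sign_with_ca() {
    openssl x509 -req -days 30 -in "$1/server.csr" -CA "$1/ca.crt" \
        -CAkey "$1/ca.key" -CAcreateserial -out "$1/ca_signed.crt" 2>/dev/null
}

# Report which certificate a server would accept alongside server.key.
demo() {
    d=$(mktemp -d) && make_inputs "$d" && sign_with_signkey "$d" &&
        sign_with_ca "$d" || return 1
    for crt in signkey.crt ca_signed.crt; do
        if key_matches_cert "$d/server.key" "$d/$crt"; then
            echo "$crt: matches server.key"
        else
            echo "$crt: key values mismatch"
        fi
    done
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run the script with `--demo` to print the comparison for both certificates.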