Indy TCPServer and SSL - Cannot Load the Key

Hi! I'm trying to make a TCPServer with SSL (like in the HTTPServer
Example). I'm using the same cert and key files, but an exception comes in
the server when the client tries to connect.
EIdOSSLLoadingKeyError - 'Could not load key, check password'

Thanks a lot...

Wagner Cunha
Brasil

--------------------------

More details:
I'm using TidTCPServer and a TidServerInterceptOpenSSL... I set the ssl
properties like in the HttpServer example:

var AppDir : String;
begin
  with SSL.SSLOptions do begin
    Method := sslvSSLv23;
    AppDir := ExtractFilePath(Application.ExeName);
    RootCertFile := AppDir + 'cert\CAcert.pem';
    CertFile     := AppDir + 'cert\WSScert.pem';
    KeyFile      := AppDir + 'cert\WSSkey.pem';
  end;
end;
Server.Intercept := SSL;

In the Client I put a TidTCPClient and a TidConnectionInterceptOpenSSL (with
the options Method := sslvSSLv23 and Mode := sslmClient).

When I try to connect, I get this exception in the server:
EIdOSSLLoadingKeyError - 'Could not load key, check password'... I'm using
the same files of the HttpServer Example....

 

Re:Indy TCPServer and SSL - Cannot Load the Key


Sorry... I forgot to put the password 'aaaa' in the onGetPassword in the
server...

Re:Indy TCPServer and SSL - Cannot Load the Key


This 'aaaa' password is for bundled demo certificate/private key. DO NOT USE
IT FOR PRODUCTION.

Regards,
Gregor

Re:Indy TCPServer and SSL - Cannot Load the Key


Why not? <g>

Re:Indy TCPServer and SSL - Cannot Load the Key


Because a few thousand people have this private key with the password.
That is why.

Regards,
Gregor

Re:Indy TCPServer and SSL - Cannot Load the Key


Gregor,

My last comment was tongue-in-cheek.

If someone is going into production with commonly used (and publicly
announced) certificates and passwords, well, that's a personal problem (and
a major security vulnerability).

However, people do need to know how they can generate or obtain their own
certificates for production work.  I know you offer such a service.  But,
there are other ways (such as using OpenSSL to generate your own) to obtain
valid certificates.  Instructions for doing so might be useful to other INDY
users.

Charles

Re:Indy TCPServer and SSL - Cannot Load the Key


I offer a precompiled openssl.exe for DOS, Win, ... machines, and sure, you can
create the certs yourself. Intelicom CA Manager - ICAM is a complete
solution for cert management and I do not push it for common users.
I already wrote a manual for creating certificates yourself, but then I lost
the file. I remember I sent it to some miss/{*word*188} on this NG, but I don't
remember whom.

So if you are listening ...

I have also planned an Intelicom Web reconstruction (just in the middle of
configuring HW) that will also bring a new Web design (easier to read) and
many new articles about SSL.
The forum will also be merged, and other security projects too.

But ...., you will have to wait a little.

Regards,
Gregor

P.S.
And yes, I will rewrite a short Howto for creating certs yourself.
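
Added example, not part of any post in this thread: one way to replace the bundled demo key with your own, using the OpenSSL command line to build a private CA and a passphrase-protected server key, then confirm the key opens with the new passphrase and not with the demo 'aaaa'. The file names come from the original post; the subject names, directory layout and passphrase files are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. CAcert.pem / WSScert.pem / WSSkey.pem
# follow the original post; subjects and passphrase files are constructed
# placeholders (assumptions).

# make_certs DIR SERVER_PASSFILE CA_PASSFILE
make_certs() {
    dir=$1; srvpass=$2; capass=$3
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # 1. Private CA: encrypted key plus self-signed root certificate.
    openssl req -x509 -newkey rsa:2048 -sha256 -days 365 \
        -subj "/CN=Example Private CA" -passout "file:$capass" \
        -keyout "$dir/CAkey.pem" -out "$dir/CAcert.pem" || return 1
    # 2. Server key, encrypted with a passphrase only this deployment knows.
    openssl genrsa -aes256 -passout "file:$srvpass" \
        -out "$dir/WSSkey.pem" 2048 || return 1
    # 3. Certificate request for the server key.
    openssl req -new -key "$dir/WSSkey.pem" -passin "file:$srvpass" \
        -subj "/CN=server.example.test" -out "$dir/WSS.csr" || return 1
    # 4. The CA signs the request, producing the server certificate.
    openssl x509 -req -in "$dir/WSS.csr" -sha256 -days 365 \
        -CA "$dir/CAcert.pem" -CAkey "$dir/CAkey.pem" -passin "file:$capass" \
        -CAcreateserial -out "$dir/WSScert.pem" || return 1
    chmod 600 "$dir/CAkey.pem" "$dir/WSSkey.pem"
}

# key_loads KEYFILE PASSPHRASE: succeeds only if PASSPHRASE decrypts KEYFILE.
# A failure is the condition behind 'Could not load key, check password'.
key_loads() {
    printf '%s\n' "$2" | openssl pkey -in "$1" -passin stdin -noout >/dev/null 2>&1
}

# chain_ok DIR SERVER_PASSFILE: certificate chains to the CA and matches the key.
chain_ok() {
    openssl verify -CAfile "$1/CAcert.pem" "$1/WSScert.pem" >/dev/null 2>&1 || return 1
    certpub=$(openssl x509 -in "$1/WSScert.pem" -noout -pubkey) || return 1
    keypub=$(openssl pkey -in "$1/WSSkey.pem" -passin "file:$2" -pubout) || return 1
    [ "$certpub" = "$keypub" ]
}
```

The passphrase stored in SERVER_PASSFILE is the value the server's onGetPassword handler has to supply; keep it in protected configuration rather than as a string literal in the source.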