VNC with Stunnel and OpenSSL

valo lin rohezal2000 "at" yahoo.de
Thu Oct 14 19:25:01 2004 

Hi,
I tried using the tutorial from SecurityFocus (
http://www.securityfocus.com/infocus/1677 ) to make
VNC run via an encrypted tunnel. At the point of
signing the certificates, I encounter an error. I am
sending this to you, since the tutorial was mentioned
before on this mailing list.

My guesses are, that either
- the sample config and ca.bat files on the
SecurityFocus homepage are too old to use with the
versions I downloaded from your site or
- other versions of libeay32.dll I have on my computer
are loaded instead of the one in the same directory
- Windows XP is somehow messing with the certificate
signing process.

The error seems to only occur with the second
certificate I am signing. 


Regards,
Juergen Meyers


Here's the output:




C:\PROGRA~1\OpenSSL>ca server

 Simple CA utility
 Written by Artur Maj (artur.maj "at" seccure.net)

 Warning!
 The content of the C:\CA\temp\vnc_server directory
will be removed.
 Press CTRL-C to break, or ENTER to continue...
--------------------------------------------------------------------
 Step 1: Generate the keys and the certificate request
--------------------------------------------------------------------

Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
............++++++
...................................++++++
writing new private key to
'C:\CA\temp\vnc_server\server.key'
-----
You are about to be asked to enter information that
will be incorporated
into your certificate request.
What you are about to enter is what is called a
Distinguished Name or a DN.
There are quite a few fields but you can leave some
blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:GE
State or Province Name (full name) [Some-State]:Berlin
Locality Name (eg, city) []:Berlin
Organization Name (eg, company) [Internet Widgits Pty
Ltd]:My Productions
Organizational Unit Name (eg, section) []:MY
Productions Division Security

Common Name (eg, YOUR name) []:Juergen Meyers
Email Address []:rohezal2000 "at" yahoo.de

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

--------------------------------------------------------------------
 Step 2: Sign the certificate
--------------------------------------------------------------------

Using configuration from
C:\Progra~1\OpenSSL\openssl.conf
Loading 'screen' into random state - done
3684:error:0E06D06C:configuration file
routines:NCONF_get_string:no value:crypto
/conf/conf_lib.c:329:group=CA_default
name=unique_subject
Enter pass phrase for C:\CA\private\CAkey.pem:
DEBUG[load_index]: unique_subject = "yes"
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'GE'
stateOrProvinceName   :PRINTABLE:'Berlin'
localityName          :PRINTABLE:'Berlin'
organizationName      :PRINTABLE:'My Productions'
organizationalUnitName:PRINTABLE:'My Productions
Division Security'
commonName            :PRINTABLE:'Juergen Meyers'
emailAddress         
:IA5STRING:'rohezal2000 "at" yahoo.de'
Certificate is to be certified until Oct 14 18:12:18
2005 GMT (365 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2


	

	
		
___________________________________________________________
Gesendet von Yahoo! Mail - Jetzt mit 100MB Speicher kostenlos - Hier anmelden: http://mail.yahoo.de