SSL on Zotonic 1.x

Hello,

I have some questions regarding SSL.

I’ve generated a CA and signed a certificate, renamed everything, and put the files in ~/.config/zotonic/security/mysite/ca.

The problem is that it keeps generating a self-signed certificate. Is this the expected behaviour?

Also, I guess I’m using a faulty openssl version, because the command

openssl rsa -in sitename.key -out sitename.pem

doesn’t generate a -----BEGIN RSA PRIVATE KEY----- file.

This causes a Zotonic startup error because the .pem file is not in PKCS1 format.

The OpenSSL version I have on my machine is 3.0.2. Is anyone using this version?

Thanks!

2 Likes

The command changed to:

openssl pkcs8 -in mysite.key -traditional -nocrypt -out mysite.pem

2 Likes

Interesting, so they completely changed the commands.

Is there a command that would work with all openssl versions?

We use the library zotonic_ssl (on Hex) for the SSL and certificate tasks.

3 Likes

I also see at some places:

openssl rsa -in sitename.key -out sitename.pem -outform PEM

Does that work with openssl 3?

3 Likes

It didn’t work; the result was -----BEGIN PRIVATE KEY-----

2 Likes

Then we have to check if that openssl pkcs8 works in openssl 1.something

3 Likes

This command works on OpenSSL 1.1.1f.

2 Likes

We have just released zotonic_ssl v1.2.0, which incorporates your fix.

Will use that to update Zotonic master as well.

Update: Zotonic master has been updated with zotonic_ssl 1.2.0.
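
A check for the key-format problem discussed in this thread, as an added example that is not part of the original posts or of zotonic_ssl: it decides from the PEM header rather than from the OpenSSL version, and runs the openssl pkcs8 -traditional command quoted above only when the key is unencrypted PKCS#8. The function names pem_key_format and to_pkcs1 are hypothetical.

```shell
#!/bin/sh
# Added example, not Zotonic or zotonic_ssl code.

# Print the container format of the first PEM block in file $1:
#   pkcs1            -----BEGIN RSA PRIVATE KEY-----        (what Zotonic expects)
#   pkcs8            -----BEGIN PRIVATE KEY-----            (OpenSSL 3 default output)
#   pkcs8-encrypted  -----BEGIN ENCRYPTED PRIVATE KEY-----
#   other            any other PEM block (certificate, EC key, ...)
#   none             no PEM header found (returns 1)
pem_key_format() {
    # Take the first BEGIN line only; strip CR so CRLF files still match.
    header=$(sed -n '/^-----BEGIN /{p;q;}' "$1" | tr -d '\r')
    [ -n "$header" ] || { echo none; return 1; }
    case "$header" in
        '-----BEGIN RSA PRIVATE KEY-----')       echo pkcs1 ;;
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        *)                                       echo other ;;
    esac
}

# Write a PKCS#1 copy of key file $1 to $2.
# Succeeds only if $2 really starts with BEGIN RSA PRIVATE KEY afterwards,
# so a non-RSA PKCS#8 key (e.g. EC) is reported as a failure.
to_pkcs1() {
    src=$1
    dst=$2
    old_umask=$(umask)
    umask 077    # a newly created key file is readable by its owner only
    case "$(pem_key_format "$src")" in
        pkcs1) cp "$src" "$dst" ;;
        pkcs8) openssl pkcs8 -in "$src" -traditional -nocrypt -out "$dst" ;;
        *)     echo "unsupported or missing key format in $src" >&2
               umask "$old_umask"
               return 2 ;;
    esac
    status=$?
    umask "$old_umask"
    [ "$status" -eq 0 ] && [ "$(pem_key_format "$dst")" = pkcs1 ]
}
```

Usage: to_pkcs1 mysite.key mysite.pem; a non-zero exit status means the output should not be handed to Zotonic.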