I'm attempting to verify a trust-store that's contained in a .zip file. I've been able to validate it within my workstation (which has Ubuntu with OpenSSL 1.0.1f 6 Jan 2014).
openssl dgst -ecdsa-with-SHA1 -verify <(openssl x509 -sha1 -in signature-certificate.pem -noout -pubkey) -signature truststore.zip.dgst truststore.zip
As said, this works on my workstation; however, running this on my server I get this error:
Error opening signature file truststosre.zip.dgst
3069867216:error:02001002:system library:fopen:No such file or directory:bss_file.c:165:fopen('truststosre.zip.dgst','rb')
3069867216:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:168:
I should mention that the 'server' has OpenSSL 1.0.2 22 Jan 2015 and a /bin/bash version of 14.3.30(1)-release
Could anyone shed any light on why my server isn't validating the same file-pair?
Best Answer
The error in the OpenSSL meant that it couldn't find the file you had specified:
This can happen if you're running openssl without setting environmental variables or when openssl is launched from another process.
First of all, try specifying the full path to your truststosre.zip.dgst file. If that doesn't help, you should check whether the user who launched openssl (i.e. if it is launched inside a PHP script, it would be the www-data user) has enough rights to access the file.
The command for the www-data user will be:
If the user hasn't got enough permissions, you'll get a Permission denied error.
P.S. A closer look reveals a possible ingenious solution, which involves fixing the most widespread type of IT-related error - mistype:
When you are trying to verify the file on your PC it is called truststore.zip.dgst, while on the remote server you access truststo**s**re.zip.dgst. Try to remove that "s" and I bet it will start working right away!
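
A pre-flight check for the failure modes named in the answer above, as an added example that is not part of the original post: it tells a missing file apart from an unreadable one and flags a one-extra-character typo such as truststosre. The function names and the exit codes (2 = missing, 3 = unreadable) are assumptions of this example; the file names and the openssl command come from the question.

```shell
#!/bin/sh
# Added example (not from the original post): check the files handed to
# `openssl dgst -verify` before running it. Function names are hypothetical.

# suggest_near_miss PATH: if deleting one character from the file name gives
# an existing file in the same directory, print that path (typo hint).
suggest_near_miss() {
    snm_dir=$(dirname -- "$1"); snm_name=$(basename -- "$1")
    snm_i=1
    while [ "$snm_i" -le "${#snm_name}" ]; do
        # POSIX sed: s/.//N deletes only the N-th character
        snm_try=$(printf '%s\n' "$snm_name" | sed "s/.//$snm_i")
        if [ -n "$snm_try" ] && [ -f "$snm_dir/$snm_try" ]; then
            printf '%s\n' "$snm_dir/$snm_try"; return 0
        fi
        snm_i=$((snm_i + 1))
    done
    return 1
}

# preflight FILE...: 0 = all readable, 2 = a file is missing, 3 = unreadable.
preflight() {
    for pf_f in "$@"; do
        if [ ! -e "$pf_f" ]; then
            echo "missing: $pf_f (cwd: $(pwd))" >&2
            pf_hint=$(suggest_near_miss "$pf_f") && echo "did you mean: $pf_hint" >&2
            return 2
        elif [ ! -r "$pf_f" ]; then
            echo "permission denied for $(id -un): $pf_f" >&2
            return 3
        fi
    done
    return 0
}

# verify_truststore CERT SIG DATA: the question's verification, run only
# after the checks pass (digest option kept as given in the question).
verify_truststore() {
    preflight "$1" "$2" "$3" || return $?
    vt_pub=$(mktemp) || return 1
    openssl x509 -in "$1" -noout -pubkey > "$vt_pub" &&
        openssl dgst -ecdsa-with-SHA1 -verify "$vt_pub" -signature "$2" "$3"
    vt_rc=$?; rm -f "$vt_pub"; return "$vt_rc"
}
```

Run it as the same account that launches openssl on the server, so the readability check reflects that account's permissions rather than your own.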