Linux – OpenSSL dgst: Error opening signature file

Tags: bash, linux, openssl

I'm attempting to verify a trust-store that's contained in a .zip file. I've been able to validate it on my workstation (which has Ubuntu with OpenSSL 1.0.1f 6 Jan 2014).

openssl dgst -ecdsa-with-SHA1 -verify <(openssl x509 -sha1 -in signature-certificate.pem -noout -pubkey) -signature truststore.zip.dgst truststore.zip

As said, this works on my workstation, however, running this on my server I get this error:

Error opening signature file truststosre.zip.dgst
3069867216:error:02001002:system library:fopen:No such file or directory:bss_file.c:165:fopen('truststosre.zip.dgst','rb')
3069867216:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:168:

I should mention that the 'server' has OpenSSL 1.0.2 22 Jan 2015 and a /bin/bash version of 14.3.30(1)-release.

Could anyone shed any light on why my server isn't validating the same file-pair?

Best Answer

The OpenSSL error means that it couldn't find the file you specified:

3069867216:error:02001002:system library:fopen:No such file or directory:bss_file.c:165:fopen('truststosre.zip.dgst','rb')

This can happen if you're running openssl without setting environment variables or when openssl is launched from another process.

First of all, try specifying the full path to your truststosre.zip.dgst file. If that doesn't help, you should check whether the user who launched openssl (i.e. if it is launched inside a PHP script, it would be the www-data user) has enough rights to access the file.

The command for the www-data user will be:

sudo -u www-data cat /path/to/truststosre.zip.dgst

If the user hasn't got enough permissions, you'll get a Permission denied error.

P.S. A closer look reveals a possible ingenious solution, which involves fixing the most widespread type of IT-related error, a mistype:

When you are trying to verify the file on your PC it is called truststore.zip.dgst, while on the remote server you access truststo**s**re.zip.dgst. Try to remove that "s" and I bet it will start working right away!
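
The checks from the answer above (missing file, mistyped name, insufficient permissions) can be run before openssl is called. This is an added shell example, not part of the original answer; the function names and the four-character prefix heuristic for spotting a mistyped name are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight the file arguments of `openssl dgst -verify` so
# that a missing file, a mistyped name and a permission problem are reported
# separately. Call the functions as the account that launches openssl,
# because the readability test applies to the current user.
# Each function body is a subshell: variables stay local, `exit` only
# leaves the function.

# suggest_name PATH: print entries in PATH's directory that share the first
# four characters of its file name (simple typo heuristic, an assumption).
suggest_name() (
    dir=$(dirname -- "$1")
    prefix=$(basename -- "$1" | cut -c1-4)
    for cand in "$dir/$prefix"*; do
        if [ -e "$cand" ]; then printf '%s\n' "$cand"; fi
    done
    exit 0
)

# check_input PATH: 0 = readable regular file (absolute path on stdout),
# 2 = missing, 3 = not a regular file, 4 = unreadable for the current user.
check_input() (
    path=$1
    if [ ! -e "$path" ]; then
        echo "missing: $path (working directory: $(pwd))" >&2
        suggest_name "$path" | sed 's/^/  similar name: /' >&2
        exit 2
    fi
    [ -f "$path" ] || { echo "not a regular file: $path" >&2; exit 3; }
    [ -r "$path" ] || { echo "permission denied for $(id -un): $path" >&2; exit 4; }
    # Absolute path, so the result does not depend on the working
    # directory of whatever process starts openssl.
    printf '%s/%s\n' "$(cd -- "$(dirname -- "$path")" && pwd)" "$(basename -- "$path")"
)

# preflight FILE...: check every input, report all problems and return the
# highest status seen (0 when every file can be opened).
preflight() (
    worst=0
    for f in "$@"; do
        rc=0
        check_input "$f" >/dev/null || rc=$?
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    exit "$worst"
)
```

Calling `preflight signature-certificate.pem truststore.zip.dgst truststore.zip` before the verify command reports which of the three inputs cannot be opened and why.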