iAS 1.0 and SSL, and ".oid" files

As part of our migration path to 8i we are upgrading are Oracle application server from OAS 3.X... to iAS 1.0. This is necessary because the older one will not work on 8i, when a PL/SQL procedure has 20 or more arguments. I've installed the iAS, built DAD's, connected to the database; all is well. Except, I cannot generate a certificate request for Verisign. It complains of a missing ".oid" file. I don't know what that is; it it an organizational id? What was supposed to write it?

I have noticed that the default openssl.cnf file species that the .oid is supposed to be found in a directory for which the iAS software owner has no permissions. The reason why the software owner has no permissions is the software owner is nobody. The nobody account is reached via sudo and su. The default location for the .oid file is the home directory of the original logged-in user. The parameter in openssl.cnf can be changed, but I'm not sure what the .oid file should look like.
If i make the parameter and put in a dummy .oid file, the .oid file is found. Other problems arise, but I don't know if they're because of the context of the .oid file or something else.

The present error messages

$ openssl req -new -key priv.key -out certreq.csr -config
$ORACLE_HOME/Apache/open_ssl/bin/openssl.cnf
  Using configuration from
  /u1/app/iAS/product/1.0/Apache/open_ssl/bin/openssl.cnf   Enter PEM pass phrase:
  unable to load Private key
  23631:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:106:   23631:error:06065064:digital envelope routines:EVP_DecryptFinal:bad   decrypt:evp_enc.c:243:

The private key is present. "nobody" has permissions. It is able to locate the file. I know this because I put a
non-existent file name as the -key argument. It then told me it couldn't find the file.

Any ideas. Oracle support has had the problem since November 6. I am following the directions in Note 114444.1

Ian MacGregor
Stanford Linear Accelerator Center Received on Fri Nov 17 2000 - 13:25:55 CST