| View previous topic :: View next topic |
| Author |
Message |
dman777
Veteran
Joined: 10 Jan 2007
Posts: 1004
|
 Posted: Mon Dec 14, 2009 6:27 am Post subject: Problem signing a SSL CA certificate |
 |
|
I created a SSL CA certificate. Now I am trying to sign it, but I get an error it where it can not find the passkey. What am I doing wrong?
| Code: | localhost three # open ssl req -new -nodes -subj '/C=US/ST=Texas/L=Austin' -keyout FOO-key.pem -out FOO-req.pem -days 1095
bash: open: command not found
localhost three # openssl req -new -nodes -subj '/C=US/ST=Texas/L=Austin' -keyout FOO-key.pem -out FOO-req.pem -days 1095
Generating a 1024 bit RSA private key
...++++++
.................++++++
writing new private key to 'FOO-key.pem'
-----
localhost three # openssl ca -out FOO-cert.pem -infiles FOO-req.pem
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
13193:error:02001002:system library:fopen:No such file or directory:bss_file.c:356:fopen('./demoCA/private/cakey.pem','r')
13193:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:358:
unable to load CA private key
localhost three #
|
|
|
| Back to top |
|
 |
John R. Graham
Administrator
Joined: 08 Mar 2005
Posts: 10733
Location: Somewhere over Atlanta, Georgia
|
| Posted: Mon Dec 14, 2009 10:02 am Post subject: |
|
|
First command should be "openssl", not "open ssl". 
- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters. |
|
| Back to top |
|
|
tuber
Apprentice
Joined: 12 Nov 2004
Posts: 267
|
| Posted: Tue Dec 15, 2009 12:32 am Post subject: Re: Problem signing a SSL CA certificate |
|
|
Try | Code: | | openssl ca -out FOO-cert.pem -infiles FOO-req.pem -keyfile FOO-key.pem |
| dman777 wrote: | localhost three # openssl ca -out FOO-cert.pem -infiles FOO-req.pem
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
13193:error:02001002:system library:fopen:No such file or directory:bss_file.c:356:fopen('./demoCA/private/cakey.pem','r')
13193:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:358:
unable to load CA private key
localhost three #
[/code] |
|
|
| Back to top |
|
|
Hu
Administrator
Joined: 06 Mar 2007
Posts: 23123
|
| Posted: Tue Dec 15, 2009 3:14 am Post subject: |
|
|
| You may want to use GnuTLS for this instead. It provides certtool to manage certificates, and the info page has a nice step-by-step of how to create a CA, and use it to sign a non-CA certificate. The certificates created this way should be in a standard form, so you can feed them back into applications using OpenSSL. |
|
| Back to top |
|
|
DawgG
l33t
Joined: 17 Sep 2003
Posts: 877
|
| Posted: Tue Dec 15, 2009 3:27 pm Post subject: |
|
|
i have experienced a very similar error. make sure the paths you are using are exactly the paths stated in openssl.cnf or adapt openssl.cnf to the paths you want to use. stuff like that can also happen if the index or serial.txt-files are missing.
personally, i like a name different from DemoCA.
GOOD LUCK!
_________________
DUMM KLICKT GUT. |
|
| Back to top |
|
|
|
Networking & Security
