So solved this problem. First deinstall the openssl 0.9.8d than go to /usr/bin and form this catalog delete openssl after this install openssl form ports Then try CA.pl (should works) I did it on FreeBSD 6.0 release
regards Maciej Jeppe Bundsgaard wrote: > > I have just upgraded to FreeBSD 6.1 - hoping that it would solve the > problem - but no... > So I guess that even when reinstalling openssl the CA.pl-script > remains the same - so how do I upgrade this script. Can I just find > it on CVS and overwrite it? > Jeppe > At 09:05 18-12-2006, you wrote: >>Which platform you're using? I tried openssl 0.9.8d in Fedora 3, >>the same problem occurs. >>Then I tried it on Cygwin (the same zip contents), everything work just fine >> >> >>-------- Original Message -------- >>Subject: Re:Creating CA problem >>From: Jeppe Bundsgaard <[EMAIL PROTECTED]> >>To: openssl-users@openssl.org >>Date: Mon Dec 18 2006 05:02:34 GMT+0800 >> >>>Hi >>>I have the same problem. I have tried to deinstall and reinstall openssl >>>(and manually deleting misc where CA.pl is located) - but I still get the >>>error. What shall I do to get the newer version of CA.pl? >>>Regards >>>Jeppe >>>MaciekZ wrote: >>>>Thx it works pretty fine now. >>>>Thx for your help >>>> >>>>Best regards >>>>Maciek >>>> >>>>MaciekZ wrote: >>>>>Hello everyone :) >>>>> >>>>>I have a problem with creating CA with CA.pl script >>>>> >>>>>Whenever I run ./CA-.pl -newca everything works fine until the script >>>>>displays unknown option -create_serial >>>>>%cd /usr/local/openssl/misc/ >>>>>%./CA.pl -newca >>>>> >>>>>CA certificate filename (or enter to create) >>>>> >>>>>Making CA certificate ... >>>>>Generating a 1024 bit RSA private key >>>>>.........++++++ >>>>>........++++++ >>>>>writing new private key to './demoCA/private/cakey.pem' >>>>>Enter PEM pass phrase: >>>>>Verifying - Enter PEM pass phrase: >>>>>----- >>>>>You are about to be asked to enter information that will be incorporated >>>>>into your certificate request. >>>>>What you are about to enter is what is called a Distinguished Name or a >>>>>DN. >>>>>There are quite a few fields but you can leave some blank >>>>>For some fields there will be a default value, >>>>>If you enter '.', the field will be left blank. >>>>>----- >>>>>Country Name (2 letter code) [AU]:PL >>>>>State or Province Name (full name) [Some-State]:Slaskie >>>>>Locality Name (eg, city) []:Katowice >>>>>Organization Name (eg, company) [Internet Widgits Pty Ltd]:Dom >>>>>Organizational Unit Name (eg, section) []:WR >>>>>Common Name (eg, YOUR name) []:Maciek >>>>>Email Address []:[EMAIL PROTECTED] >>>>> >>>>>Please enter the following 'extra' attributes >>>>>to be sent with your certificate request >>>>>A challenge password []: >>>>>An optional company name []: >>>>>unknown option -create_serial >>>>>usage: ca args >>>>> >>>>> -verbose - Talk alot while doing things >>>>> -config file - A config file >>>>> -name arg - The particular CA definition to use >>>>> -gencrl - Generate a new CRL >>>>> -crldays days - Days is when the next CRL is due >>>>> -crlhours hours - Hours is when the next CRL is due >>>>> -startdate YYMMDDHHMMSSZ - certificate validity notBefore >>>>> -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides >>>>>-days) >>>>> -days arg - number of days to certify the certificate for >>>>> -md arg - md to use, one of md2, md5, sha or sha1 >>>>> -policy arg - The CA 'policy' to support >>>>> -keyfile arg - private key file >>>>> -keyform arg - private key file format (PEM or ENGINE) >>>>> -key arg - key to decode the private key if it is encrypted >>>>> -cert file - The CA certificate >>>>> -in file - The input PEM encoded certificate request(s) >>>>> -out file - Where to put the output file(s) >>>>> -outdir dir - Where to put output certificates >>>>> -infiles .... - The last argument, requests to process >>>>> -spkac file - File contains DN and signed public key and >>>>> challenge >>>>> -ss_cert file - File contains a self signed cert to sign >>>>> -preserveDN - Don't re-order the DN >>>>> -noemailDN - Don't add the EMAIL field into certificate' subject >>>>> -batch - Don't ask questions >>>>> -msie_hack - msie modifications to handle all those universal >>>>>strings >>>>> -revoke file - Revoke a certificate (given in file) >>>>> -subj arg - Use arg instead of request's subject >>>>> -extensions .. - Extension section (override value in config file) >>>>> -extfile file - Configuration file with X509v3 extentions to add >>>>> -crlexts .. - CRL extension section (override value in config >>>>> file) >>>>> -engine e - use engine e, possibly a hardware device. >>>>> -status serial - Shows certificate status given the serial number >>>>> -updatedb - Updates db for expired certificates >>>>> >>>>>when I used CA.sh -newca the script insted of unknown option >>>>>-create_serial dislayed unknown options -selfsign >>>>> >>>>>I didn't make any changes in files CA.pl CA.sh and openssl.cnf. What >>>>>should I change in order to cretate CA ?? >>>>>Should I modify something? >>>>> >>>>>I'm using FreeBSD 6.0 RELASE #p15 with custom kernel and openssl-0.9.8d >>>>>instaled form ports >>>>> >>>>>Thx for your time and help >>>>> >>>>>With regards >>>>> >>>>>Maciek >>>>> >>>>> >>>>> >>______________________________________________________________________ >>OpenSSL Project http://www.openssl.org >>User Support Mailing List openssl-users@openssl.org >>Automated List Manager [EMAIL PROTECTED] > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > > -- View this message in context: http://www.nabble.com/Creating-CA-problem-tf2723833.html#a7929966 Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]