On Sun, Jun 4, 2017 at 8:57 PM, Jeffrey Walton <noloa...@gmail.com> wrote:
> On Sun, Jun 4, 2017 at 7:56 PM, PGNet Dev <pgnet....@gmail.com> wrote:
>> On 6/4/17 4:51 PM, Jeffrey Walton wrote:
>>>>
>>>> but the process STARTS with an apparently non-fatal error ...
>>>>
>>>> Using configuration from /home/sec/newCA/openssl.cnf
>>>> Can't open root/database.attr for reading, No such file or
>>>> directory
>>>> 140013244086016:error:02001002:system
>>>> library:fopen::crypto/bio/bss_file.c:74:fopen('root/database.attr','r')
>>>> 140013244086016:error:2006D080:BIO routines:BIO_new_file:no such
>>>> file:crypto/bio/bss_file.c:81:
>>>
>>>
>>> This usually indicates the OpenSSL conf file cannot be found. Its odd
>>> that "Using configuration from /home/sec/newCA/openssl.cnf" is
>>> reported.
>>>
>>> Maybe you can try `OPENSSL_CONF=/home/sec/newCA/openssl.cnf <command>`
>>> to isolate the issue (or maybe rule out its not a conf file problem).
>>
>>
>> The message above doesn't indicate that openssl.cnf can't be found. In fact
>> it explcitly states that it IS found and IS using it
>>
>>>> Using configuration from /home/sec/newCA/openssl.cnf
>>
>> It's the same openssl.cnf used in all the PRIOR steps, with not problem
>> whatsoever.
>>
>> Rather it's
>>
>>>> Can't open root/database.attr for reading, No such file or
>>>> directory
>>
>> that's not found.
>>
>> I've found that if I simply
>>
>> touch root/database.attr
>> touch intermediate/database.attr
>>
>> as already's been done with
>>
>> touch root/database
>> touch intermediate/database
>
> Oh, I was not aware you were skipping steps. I guess that explains the
> unusual results.
BTW, I believe you are also supposed to add an initial serial number.
Something like:
echo "0" > serialno.txt
Check your conf file for the filename.
(The information is somewhere in the docs. It may be in the
Certificates HOWTO or the CA HOWTO).
Jeff
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
