Re: Creating CA problem
I have just upgraded to FreeBSD 6.1 - hoping that it would solve the problem - but no... So I guess that even when reinstalling openssl the CA.pl-script remains the same - so how do I upgrade this script. Can I just find it on CVS and overwrite it? Jeppe At 09:05 18-12-2006, you wrote: Which platform you're using? I tried openssl 0.9.8d in Fedora 3, the same problem occurs. Then I tried it on Cygwin (the same zip contents), everything work just fine Original Message Subject: Re:Creating CA problem From: Jeppe Bundsgaard [EMAIL PROTECTED] To: openssl-users@openssl.org Date: Mon Dec 18 2006 05:02:34 GMT+0800 Hi I have the same problem. I have tried to deinstall and reinstall openssl (and manually deleting misc where CA.pl is located) - but I still get the error. What shall I do to get the newer version of CA.pl? Regards Jeppe MaciekZ wrote: Thx it works pretty fine now. Thx for your help Best regards Maciek MaciekZ wrote: Hello everyone :) I have a problem with creating CA with CA.pl script Whenever I run ./CA-.pl -newca everything works fine until the script displays unknown option -create_serial %cd /usr/local/openssl/misc/ %./CA.pl -newca CA certificate filename (or enter to create) Making CA certificate ... Generating a 1024 bit RSA private key .++ ++ writing new private key to './demoCA/private/cakey.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: - You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]:PL State or Province Name (full name) [Some-State]:Slaskie Locality Name (eg, city) []:Katowice Organization Name (eg, company) [Internet Widgits Pty Ltd]:Dom Organizational Unit Name (eg, section) []:WR Common Name (eg, YOUR name) []:Maciek Email Address []:[EMAIL PROTECTED] Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: unknown option -create_serial usage: ca args -verbose- Talk alot while doing things -config file- A config file -name arg - The particular CA definition to use -gencrl - Generate a new CRL -crldays days - Days is when the next CRL is due -crlhours hours - Hours is when the next CRL is due -startdate YYMMDDHHMMSSZ - certificate validity notBefore -enddate YYMMDDHHMMSSZ- certificate validity notAfter (overrides -days) -days arg - number of days to certify the certificate for -md arg - md to use, one of md2, md5, sha or sha1 -policy arg - The CA 'policy' to support -keyfile arg- private key file -keyform arg- private key file format (PEM or ENGINE) -key arg- key to decode the private key if it is encrypted -cert file - The CA certificate -in file- The input PEM encoded certificate request(s) -out file - Where to put the output file(s) -outdir dir - Where to put output certificates -infiles - The last argument, requests to process -spkac file - File contains DN and signed public key and challenge -ss_cert file - File contains a self signed cert to sign -preserveDN - Don't re-order the DN -noemailDN - Don't add the EMAIL field into certificate' subject -batch - Don't ask questions -msie_hack - msie modifications to handle all those universal strings -revoke file- Revoke a certificate (given in file) -subj arg - Use arg instead of request's subject -extensions .. - Extension section (override value in config file) -extfile file - Configuration file with X509v3 extentions to add -crlexts .. - CRL extension section (override value in config file) -engine e - use engine e, possibly a hardware device. -status serial - Shows certificate status given the serial number -updatedb - Updates db for expired certificates when I used CA.sh -newca the script insted of unknown option -create_serial dislayed unknown options -selfsign I didn't make any changes in files CA.pl CA.sh and openssl.cnf. What should I change in order to cretate CA ?? Should I modify something? I'm using FreeBSD 6.0 RELASE #p15 with custom kernel and openssl-0.9.8d instaled form ports Thx for your time and help With regards Maciek __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org
Re: Creating CA problem
At 15:49 18-12-2006, you wrote: So solved this problem. First deinstall the openssl 0.9.8d than go to /usr/bin and form this catalog delete openssl after this install openssl form ports Then try CA.pl (should works) I did it on FreeBSD 6.0 release regards Maciej Thanks Maciej! I also deleted the openssl-dir in /usr/local - just to be sure it was all gone... Now it works. Jeppe Jeppe Bundsgaard wrote: I have just upgraded to FreeBSD 6.1 - hoping that it would solve the problem - but no... So I guess that even when reinstalling openssl the CA.pl-script remains the same - so how do I upgrade this script. Can I just find it on CVS and overwrite it? Jeppe At 09:05 18-12-2006, you wrote: Which platform you're using? I tried openssl 0.9.8d in Fedora 3, the same problem occurs. Then I tried it on Cygwin (the same zip contents), everything work just fine Original Message Subject: Re:Creating CA problem From: Jeppe Bundsgaard [EMAIL PROTECTED] To: openssl-users@openssl.org Date: Mon Dec 18 2006 05:02:34 GMT+0800 Hi I have the same problem. I have tried to deinstall and reinstall openssl (and manually deleting misc where CA.pl is located) - but I still get the error. What shall I do to get the newer version of CA.pl? Regards Jeppe MaciekZ wrote: Thx it works pretty fine now. Thx for your help Best regards Maciek MaciekZ wrote: Hello everyone :) I have a problem with creating CA with CA.pl script Whenever I run ./CA-.pl -newca everything works fine until the script displays unknown option -create_serial %cd /usr/local/openssl/misc/ %./CA.pl -newca CA certificate filename (or enter to create) Making CA certificate ... Generating a 1024 bit RSA private key .++ ++ writing new private key to './demoCA/private/cakey.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: - You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]:PL State or Province Name (full name) [Some-State]:Slaskie Locality Name (eg, city) []:Katowice Organization Name (eg, company) [Internet Widgits Pty Ltd]:Dom Organizational Unit Name (eg, section) []:WR Common Name (eg, YOUR name) []:Maciek Email Address []:[EMAIL PROTECTED] Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: unknown option -create_serial usage: ca args -verbose- Talk alot while doing things -config file- A config file -name arg - The particular CA definition to use -gencrl - Generate a new CRL -crldays days - Days is when the next CRL is due -crlhours hours - Hours is when the next CRL is due -startdate YYMMDDHHMMSSZ - certificate validity notBefore -enddate YYMMDDHHMMSSZ- certificate validity notAfter (overrides -days) -days arg - number of days to certify the certificate for -md arg - md to use, one of md2, md5, sha or sha1 -policy arg - The CA 'policy' to support -keyfile arg- private key file -keyform arg- private key file format (PEM or ENGINE) -key arg- key to decode the private key if it is encrypted -cert file - The CA certificate -in file- The input PEM encoded certificate request(s) -out file - Where to put the output file(s) -outdir dir - Where to put output certificates -infiles - The last argument, requests to process -spkac file - File contains DN and signed public key and challenge -ss_cert file - File contains a self signed cert to sign -preserveDN - Don't re-order the DN -noemailDN - Don't add the EMAIL field into certificate' subject -batch - Don't ask questions -msie_hack - msie modifications to handle all those universal strings -revoke file- Revoke a certificate (given in file) -subj arg - Use arg instead of request's subject -extensions .. - Extension section (override value in config file) -extfile file - Configuration file with X509v3 extentions to add -crlexts .. - CRL extension section (override value in config file) -engine e - use engine e, possibly a hardware device. -status serial - Shows certificate status given the serial number -updatedb - Updates db for expired certificates when I used CA.sh -newca the script insted of unknown option -create_serial dislayed unknown options -selfsign I didn't make any changes in files CA.pl CA.sh and openssl.cnf. What should I change in order to cretate CA ?? Should I modify something? I'm using FreeBSD 6.0 RELASE #p15 with custom kernel and openssl-0.9.8d instaled form ports Thx for your time and help
Re: Creating CA problem
Hi I have the same problem. I have tried to deinstall and reinstall openssl (and manually deleting misc where CA.pl is located) - but I still get the error. What shall I do to get the newer version of CA.pl? Regards Jeppe MaciekZ wrote: Thx it works pretty fine now. Thx for your help Best regards Maciek MaciekZ wrote: Hello everyone :) I have a problem with creating CA with CA.pl script Whenever I run ./CA-.pl -newca everything works fine until the script displays unknown option -create_serial %cd /usr/local/openssl/misc/ %./CA.pl -newca CA certificate filename (or enter to create) Making CA certificate ... Generating a 1024 bit RSA private key .++ ++ writing new private key to './demoCA/private/cakey.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: - You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]:PL State or Province Name (full name) [Some-State]:Slaskie Locality Name (eg, city) []:Katowice Organization Name (eg, company) [Internet Widgits Pty Ltd]:Dom Organizational Unit Name (eg, section) []:WR Common Name (eg, YOUR name) []:Maciek Email Address []:[EMAIL PROTECTED] Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: unknown option -create_serial usage: ca args -verbose- Talk alot while doing things -config file- A config file -name arg - The particular CA definition to use -gencrl - Generate a new CRL -crldays days - Days is when the next CRL is due -crlhours hours - Hours is when the next CRL is due -startdate YYMMDDHHMMSSZ - certificate validity notBefore -enddate YYMMDDHHMMSSZ- certificate validity notAfter (overrides -days) -days arg - number of days to certify the certificate for -md arg - md to use, one of md2, md5, sha or sha1 -policy arg - The CA 'policy' to support -keyfile arg- private key file -keyform arg- private key file format (PEM or ENGINE) -key arg- key to decode the private key if it is encrypted -cert file - The CA certificate -in file- The input PEM encoded certificate request(s) -out file - Where to put the output file(s) -outdir dir - Where to put output certificates -infiles - The last argument, requests to process -spkac file - File contains DN and signed public key and challenge -ss_cert file - File contains a self signed cert to sign -preserveDN - Don't re-order the DN -noemailDN - Don't add the EMAIL field into certificate' subject -batch - Don't ask questions -msie_hack - msie modifications to handle all those universal strings -revoke file- Revoke a certificate (given in file) -subj arg - Use arg instead of request's subject -extensions .. - Extension section (override value in config file) -extfile file - Configuration file with X509v3 extentions to add -crlexts .. - CRL extension section (override value in config file) -engine e - use engine e, possibly a hardware device. -status serial - Shows certificate status given the serial number -updatedb - Updates db for expired certificates when I used CA.sh -newca the script insted of unknown option -create_serial dislayed unknown options -selfsign I didn't make any changes in files CA.pl CA.sh and openssl.cnf. What should I change in order to cretate CA ?? Should I modify something? I'm using FreeBSD 6.0 RELASE #p15 with custom kernel and openssl-0.9.8d instaled form ports Thx for your time and help With regards Maciek -- View this message in context: http://www.nabble.com/Creating-CA-problem-tf2723833.html#a7920047 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
create_serial
Hi I am trying to install a new certificate with CA.pl, but it terminates telling me that the create_serial option doesnt exist. I am using version 0.9.8b_1 and it should be introduced in version 0.9.7j The command openssl ca create_serial tells me the same. OS: FreeBSD 6.1. In the distinfo in the port it seems that to versions are used: more distinfo MD5 (openssl-0.9.8b.tar.gz) = 12cedbeb6813a0d7919dbf1f82134b86 SHA256 (openssl-0.9.8b.tar.gz) = 69efed6275942f9312de61cf69aaef12b06c12f6b10f319672ce026a756f65c0 SIZE (openssl-0.9.8b.tar.gz) = 3279283 MD5 (openssl-0.9.7j.tar.gz) = 79dd939266b069e7aca587e6ab16a055 SHA256 (openssl-0.9.7j.tar.gz) = 65a6e88c3397cb68d19dbb576ecf9f9d8dc41423aa9ac3025cd29e3987274460 SIZE (openssl-0.9.7j.tar.gz) = 3290510 Can you help me? Regards Jeppe