On Sat, Jun 11, 2005 at 10:30:38AM +0200, Grant Fletcher wrote:
> [EMAIL PROTECTED] bincimap]# openssl ca -in cert/binc.req -out cert/binc.cert
> Using configuration from /usr/share/ssl/openssl.cnf
> Error opening CA private key ./demoCA/private/cakey.pem
> 16366:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:259:fopen('./demoCA/private/cakey.pem','r')
> 16366:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
> unable to load CA private key
> [EMAIL PROTECTED] bincimap]#
>
> can you help!
I think so.
OpenSSL doesn't seem to know that you want to use your new CA
definition by default.
If you followed my example on LWBI, make sure you change/add
[ ca ]
default_ca = CA_diy
in openssl.cnf. Perhaps I should clarify that the [ ca ] section
most likely already exists in the file, and that if you add another
one after the first one, it will not override the first one. (Or if
it's the other way around.)
Alternatively, you can add the option -name CA_diy to each openssl ca
command.
//Peter
