resolved the error by adding

[EMAIL PROTECTED] ca_diy]# openssl ca -in certs/binc.req -out certs/binc.cert -config /usr/local/ssl/openssl.cnf

----- Original Message -----
From: "Grant Fletcher" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Saturday, June 11, 2005 2:05 PM
Subject: Re: [binc] Fw: SSL certs

> hi can you help with this, here is a copy of the .cnf file
>
> [ ca ]
> default_ca = CA_diy # The default ca section used by
> # the openssl ca command
> [ CA_diy ]
> dir = /usr/local/ssl/ca_diy # Should be an empty dir dedicated to
> # this CA
> certs = $dir/certs
> crl_dir = $dir/crl
> database = $dir/index.txt
> new_certs_dir = $dir/newcerts
> certificate = $dir/cert
> serial = $dir/serial
> crl = $dir/crl.pem
> private_key = $dir/private/key
> RANDFILE = $dir/private/.rand
> x509_extensions = usr_cert
> default_days = 365
> default_crl_days= 30
> default_md = md5
> preserve = no
> policy = policy_anything
>
> [EMAIL PROTECTED] ca_diy]# pwd
> /usr/local/ssl/ca_diy
>
> [EMAIL PROTECTED] ca_diy]# ls
> cert cert.req certs crl index.txt newcerts output private serial
>
> [EMAIL PROTECTED] ca_diy]# openssl ca -in certs/binc.req -out certs/binc.certpwd -name CA_diy
> Using configuration from /usr/share/ssl/openssl.cnf
> variable lookup failed for CA_diy::private_key
> 18651:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_diy name=private_key
>
> [EMAIL PROTECTED] ca_diy]#
>
>
> ----- Original Message -----
> From: "Peter Stuge" <[EMAIL PROTECTED]>
> To: <[email protected]>
> Sent: Saturday, June 11, 2005 10:53 AM
> Subject: Re: [binc] Fw: SSL certs
>
>
> > On Sat, Jun 11, 2005 at 10:30:38AM +0200, Grant Fletcher wrote:
> > > [EMAIL PROTECTED] bincimap]# openssl ca -in cert/binc.req -out cert/binc.cert
> > > Using configuration from /usr/share/ssl/openssl.cnf
> > > Error opening CA private key ./demoCA/private/cakey.pem
> > > 16366:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('./demoCA/private/cakey.pem','r')
> > > 16366:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
> > > unable to load CA private key
> > > [EMAIL PROTECTED] bincimap]#
> > >
> > > can you help!
> >
> > I think so.
> >
> > OpenSSL doesn't seem to know that you want to use your new CA
> > definition by default.
> >
> > If you followed my example on LWBI, make sure you change/add
> >
> > [ ca ]
> > default_ca = CA_diy
> >
> > in openssl.cnf. Perhaps I should clarify that the [ ca ] section
> > most likely already exists in the file, and that if you add another
> > one after the first one, it will not override the first one. (Or if
> > it's the other way around.)
> >
> > Alternatively, you can add the option -name CA_diy to each openssl ca
> > command.
> >
> >
> > //Peter
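
Both failing commands in this thread report "Using configuration from /usr/share/ssl/openssl.cnf", while the final command passes -config /usr/local/ssl/openssl.cnf. The pre-flight check below is an added example, not part of the original messages or of OpenSSL: parse_cnf, check_ca and the STOCK sample are constructed for illustration, and DIY is abridged from the config posted above.

```python
import re
from collections import Counter

# Keys `openssl ca` has to resolve in the CA section before it can sign.
REQUIRED = ("private_key", "certificate", "database", "serial", "new_certs_dir")

def parse_cnf(text):
    """Return ({section: {key: value}}, Counter of section headers seen)."""
    sections, headers, current = {}, Counter(), None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = header.group(1)
            headers[current] += 1
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections, headers

def check_ca(text, name=None):
    """List problems for `openssl ca [-name NAME]`; repeated headers are reported, not resolved."""
    sections, headers = parse_cnf(text)
    problems = [f"[ {s} ] appears {n} times" for s, n in headers.items() if n > 1]
    name = name or sections.get("ca", {}).get("default_ca")
    if name not in sections:
        return problems + [f"no [ {name} ] section in this file"]
    ca = sections[name]
    problems += [f"{name}::{key} has no value" for key in REQUIRED if not ca.get(key)]
    if ca.get("default_md") in ("md5", "sha1"):
        problems.append(f"default_md = {ca['default_md']} is a collision-weak digest")
    return problems

# Constructed samples: STOCK stands in for a file without CA_diy; DIY is abridged from the thread.
STOCK = "[ ca ]\ndefault_ca = CA_default\n[ CA_default ]\ndir = ./demoCA\n"
DIY = """[ ca ]
default_ca = CA_diy   # the default ca section
[ CA_diy ]
dir = /usr/local/ssl/ca_diy
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cert
serial = $dir/serial
private_key = $dir/private/key
default_md = md5
"""
if __name__ == "__main__":
    print(check_ca(STOCK, "CA_diy"), check_ca(DIY), check_ca(DIY + STOCK), sep="\n")
```

Run against the file that openssl names in its "Using configuration from" line, the check shows whether the section requested with -name exists there at all, and it flags the md5 digest setting in the posted section.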
