Package: tinyca
Version: 0.6.7-1
Severity: normal

I was trying to create a new CA with tinyca. It reported that it succeeded in creating the CA, then gave two error messages about not being able to read the PEM file, and then simply exited. On restart, the CA did not exist.

Attached you can find the generated openssl.cnf file. I note that while it successfully wrote the stuff about the x509 extensions, the distinguished name data have not been written but are left at their defaults.

If you need further information or help debugging this, let me know.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (600, 'testing'), (98, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-k7
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages tinyca depends on:
ii  libgnome-perl                0.7009-1.1  Perl module for the gnome and zvt
ii  libgtk-perl                  0.7009-1.1  Perl module for the gtk+ library
ii  liblocale-gettext-perl       1.01-17     Using libc functions for internati
ii  openssl                      0.9.7e-2    Secure Socket Layer (SSL) binary a
ii  perl [libmime-base64-perl]   5.8.4-5     Larry Wall's Practical Extraction

-- no debconf information

-- 
 .''`.   martin f. krafft <[EMAIL PROTECTED]>
: :'  :  proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system

Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!

[ ca ]
default_ca = server_ca

[ policy_client ]
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ policy_server ]
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ policy_ca ]
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
default_bits = 4096
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
string_mask = nombstr
req_extensions = v3_req

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name

[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = critical,CA:true
nsCertType = sslCA, emailCA, objCA
issuerAltName = ca-madduck.net
nsComment = "Certificate generated by madduck.net CA"
crlDistributionPoints = http://ca.madduck.net/cgi-bin/crl?
nsCaRevocationUrl = http://ca.madduck.net/cgi-bin/crl?
nsCaPolicyUrl = http://ca.madduck.net/policy/ca/
nsRevocationUrl = http://ca.madduck.net/cgi-bin/crl?
keyUsage = critical, keyCertSign, cRLSign

[ crl_ext ]
authorityKeyIdentifier = keyid:always,issuer:always

[ server_ca ]
dir = /home/madduck/.TinyCA/ca-madduck.net
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crl = $dir/crl.pem
private_key = $dir/cacert.key
RANDFILE = $dir/.rand
x509_extensions = server_cert
default_days = 365
default_crl_days = 30
default_md = sha1
preserve = no
policy = policy_server
unique_subject = yes

[ client_ca ]
dir = /home/madduck/.TinyCA/ca-madduck.net
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crl = $dir/crl.pem
private_key = $dir/cacert.key
RANDFILE = $dir/.rand
x509_extensions = client_cert
default_days = 365
default_crl_days = 30
default_md = sha1
preserve = no
policy = policy_client
unique_subject = yes

[ ca_ca ]
dir = /home/madduck/.TinyCA/ca-madduck.net
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crl = $dir/crl.pem
private_key = $dir/cacert.key
RANDFILE = $dir/.rand
x509_extensions = v3_ca
default_days = 365
default_crl_days = 30
default_md = sha1
preserve = no
policy = policy_ca
unique_subject = yes

[ client_cert ]
basicConstraints = CA:FALSE
nsCertType = client, email, objsign
nsComment = "TinyCA Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
issuerAltName = issuer:copy
subjectAltName = email:copy
keyUsage = digitalSignature, keyEncipherment

[ server_cert ]
basicConstraints = CA:FALSE
nsCertType = server
nsComment = "TinyCA Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
issuerAltName = issuer:copy
subjectAltName = email:copy
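
The symptom described in the report (x509 extensions written, distinguished name left at its defaults) can be checked mechanically before a generated openssl.cnf is used for a CA. The following is an added example, not part of the original report and not TinyCA code; the function names and the shortened SAMPLE excerpt are constructed for illustration, and the stock values are the ones shown in the attached file.

```python
STOCK = {  # values the attached file shows in [ req_distinguished_name ]
    "countryName_default": "AU",
    "stateOrProvinceName_default": "Some-State",
    "0.organizationName_default": "Internet Widgits Pty Ltd",
}

def parse_cnf(text):
    """Parse openssl.cnf-style text into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def dn_section(text):
    """Return the section that [ req ] names as distinguished_name."""
    cnf = parse_cnf(text)
    return cnf.get(cnf.get("req", {}).get("distinguished_name", ""), {})

def stock_dn_defaults(text):
    """DN *_default keys that still hold the stock values."""
    dn = dn_section(text)
    return sorted(k for k, v in STOCK.items() if dn.get(k) == v)

def fields_without_default(text):
    """DN prompt fields that have no *_default entry at all."""
    dn = dn_section(text)
    prompts = [k for k in dn if not k.endswith(("_default", "_min", "_max"))]
    return sorted(k for k in prompts if k + "_default" not in dn)

# Constructed excerpt, cut down from the attached openssl.cnf.
SAMPLE = """\
[ req ]
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
stateOrProvinceName_default = Some-State
0.organizationName_default = Internet Widgits Pty Ltd
commonName = Common Name (eg, YOUR name)
commonName_max = 64
"""
if __name__ == "__main__":
    print(stock_dn_defaults(SAMPLE), fields_without_default(SAMPLE))
```

A non-empty result from either function means the file does not carry the CA's own subject data and should not be used for signing as it stands.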

