hello, I m still stuck with this roblem
I am using OpenCA and trying to issue the certificate directly from the
command line ./issue_certs.bin but I get the error:
[
unable to load CA private key
1841:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
decrypt:evp_enc.c:284:
1841:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:451:
\nCopying issued certificate to certs/issued dir ... cp:
/usr/local/OpenCA/certs/new/02.pem: Aucun fichier ou rpertoire de ce type
Done.
(/usr/local/OpenCA/certs/new/02.pem).
Importing certificate into DB ... sh: /usr/local/OpenCA/certs/new/02.pem:
Aucun fichier ou rpertoire de ce type
ERROR: Can't access /usr/local/OpenCA/certs/new/02.pem
]
below is the steps i took along witth the error I get :
do u have any idea on what's the source of teh problem.
thank you
Naram
[root@SOS bin]# ./issue_certs.bin
Enter the OpenSSL intallation dir (/usr/local/ssl): /usr/local/ssl
Enter the basedir for your CA [/usr/local/OpenCA ] : /usr/local/OpenCA
Enter the config for your CA [ /usr/local/OpenCA/stuff/openssl.cnf ] :
/usr/local/OpenCA/stuff/openssl.cnf
Enter the Secret Key's Size (default 1024) : 1024
warning, not much extra random data, consider using the -rand option
Generating RSA private key, 1024 bit long modulus
...............++++++
..........................................................................++++++e
is 65537 (0x10001)
Generating request for certificate (02) ...
Using configuration from /usr/local/OpenCA/stuff/openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Email Address []:[EMAIL PROTECTED]
Common Name (eg, YOUR name) []:guest
Organizational Unit Name (eg, section) []:
Organization Name (eg, company) [OpenCA]:aui
Country Name (2 letter code) [IT]:MA
Done.
Please specify the certificate Type (refer to the stuff/openssl.cnf
file for extensions to be used, defaults are user_cert, server_cert,
user_objsign_cert, server_objsign_cert ). Do
not specify nothing for\n
default user certificate : user_cert
Signing the request :
Using configuration from /usr/local/OpenCA/stuff/openssl.cnf
Enter PEM pass phrase:
unable to load CA private key
1841:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
decrypt:evp_enc.c:284:
1841:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:451:
\nCopying issued certificate to certs/issued dir ... cp:
/usr/local/OpenCA/certs/new/02.pem: Aucun fichier ou rpertoire de ce type
Done.
(/usr/local/OpenCA/certs/new/02.pem).
Importing certificate into DB ... sh: /usr/local/OpenCA/certs/new/02.pem:
Aucun fichier ou rpertoire de ce type
ERROR: Can't access /usr/local/OpenCA/certs/new/02.pem
Done.
ADVICE:
=======
If you generated the certificates for the RAServer Web Server and the
Secure web server, now you can find the certificates in certs/new/ dir
or in certs/issued directory. The corresponding secret keys can be
found in private/ . Copy the to the corresponding server's configuration
specified dir (usually /ssl.crt and /ssl.key).
If you have, instead, generated the certificate for an RA Operator, i.e.
one person that should access the RAServer, use the bin/browserExport.bin
script to export certificate in .p12 (Netscape importable format).
--- END ---
-------------------------------------
Naram
_________________________________________________________________
OpenCA - Users Support Mailing List [EMAIL PROTECTED]
