maybe the cakey in $dir/private/cakey.pem is not correct.
----- Original Message -----
From: Naram El Adib <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, February 11, 2001 6:24 AM
Subject: [openca-users:247] ./issue_certs.bin
> hello, I m still stuck with this roblem
> I am using OpenCA and trying to issue the certificate directly from the
> command line ./issue_certs.bin but I get the error:
>
> [
> unable to load CA private key
> 1841:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
> decrypt:evp_enc.c:284:
> 1841:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:451:
> \nCopying issued certificate to certs/issued dir ... cp:
> /usr/local/OpenCA/certs/new/02.pem: Aucun fichier ou rpertoire de ce type
> Done.
> (/usr/local/OpenCA/certs/new/02.pem).
> Importing certificate into DB ... sh: /usr/local/OpenCA/certs/new/02.pem:
> Aucun fichier ou rpertoire de ce type
> ERROR: Can't access /usr/local/OpenCA/certs/new/02.pem
> ]
>
> below is the steps i took along witth the error I get :
> do u have any idea on what's the source of teh problem.
> thank you
> Naram
>
>
>
> [root@SOS bin]# ./issue_certs.bin
>
> Enter the OpenSSL intallation dir (/usr/local/ssl): /usr/local/ssl
> Enter the basedir for your CA [/usr/local/OpenCA ] : /usr/local/OpenCA
> Enter the config for your CA [ /usr/local/OpenCA/stuff/openssl.cnf ] :
> /usr/local/OpenCA/stuff/openssl.cnf
> Enter the Secret Key's Size (default 1024) : 1024
> warning, not much extra random data, consider using the -rand option
> Generating RSA private key, 1024 bit long modulus
> ...............++++++
>
..........................................................................++
++++e
> is 65537 (0x10001)
> Generating request for certificate (02) ...
> Using configuration from /usr/local/OpenCA/stuff/openssl.cnf
> You are about to be asked to enter information that will be incorporated
> into your certificate request.
> What you are about to enter is what is called a Distinguished Name or a
> DN.
> There are quite a few fields but you can leave some blank
> For some fields there will be a default value,
> If you enter '.', the field will be left blank.
> -----
> Email Address []:[EMAIL PROTECTED]
> Common Name (eg, YOUR name) []:guest
> Organizational Unit Name (eg, section) []:
> Organization Name (eg, company) [OpenCA]:aui
> Country Name (2 letter code) [IT]:MA
> Done.
>
> Please specify the certificate Type (refer to the stuff/openssl.cnf
> file for extensions to be used, defaults are user_cert, server_cert,
> user_objsign_cert, server_objsign_cert ). Do
> not specify nothing for\n
> default user certificate : user_cert
> Signing the request :
> Using configuration from /usr/local/OpenCA/stuff/openssl.cnf
> Enter PEM pass phrase:
> unable to load CA private key
> 1841:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
> decrypt:evp_enc.c:284:
> 1841:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:451:
> \nCopying issued certificate to certs/issued dir ... cp:
> /usr/local/OpenCA/certs/new/02.pem: Aucun fichier ou rpertoire de ce type
> Done.
> (/usr/local/OpenCA/certs/new/02.pem).
> Importing certificate into DB ... sh: /usr/local/OpenCA/certs/new/02.pem:
> Aucun fichier ou rpertoire de ce type
> ERROR: Can't access /usr/local/OpenCA/certs/new/02.pem
>
> Done.
>
> ADVICE:
> =======
>
> If you generated the certificates for the RAServer Web Server and the
> Secure web server, now you can find the certificates in certs/new/ dir
> or in certs/issued directory. The corresponding secret keys can be
> found in private/ . Copy the to the corresponding server's configuration
> specified dir (usually /ssl.crt and /ssl.key).
>
> If you have, instead, generated the certificate for an RA Operator, i.e.
> one person that should access the RAServer, use the bin/browserExport.bin
> script to export certificate in .p12 (Netscape importable format).
>
> --- END ---
>
> -------------------------------------
>
>
> Naram
>
>
>
>
>
> _________________________________________________________________
> OpenCA - Users Support Mailing List [EMAIL PROTECTED]
>
_________________________________________________________________
OpenCA - Users Support Mailing List [EMAIL PROTECTED]
