Hellan,Kim KHE <[EMAIL PROTECTED]>:
> I'm using OpenSSL 0.9.5 on a Windows NT4 with SP6 PC.
> I'm trying to create a selfsigned certificate from a private key file and a
> X.509 request file using the OpenSSL commandline tool.
> The request is in DER format and the key is in PEM format.
>
> The commandline is:
> openssl x509 -req -inform DER -in myreq.req -outform DER -out mycert.der
> -days 730 -signkey mykey.pem -sha1
>
> This command just "hangs" and when I do a break, it comes back saying "no
> such file or directory".
I'm not sure why it hangs on your system, but this error message is a bug.
In "-req" mode, the input may not be DER-encoded (maybe stdio hangs
because binary data is read in text mode); the error message
that you should have seen is
3132:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expec\ting:
CERTIFICATE REQUEST
This will be fixed in the next snapshot.
Confusingly, x509 expects the -in file to be in "PEM" format when
-req mode is used; "-inform DER" applies only to X.509 certificates,
i.e. it would be used for reading the CA certificate if you had named
on the command line. It's probably not safe to change this behaviour,
because certificate requests are usually in "PEM" format, while
certificates in binary DER format are not that uncommon.
I guess there should be some kind of warning ...
(Also it's strange that "openssl req -outform DER" *will* be honoured,
it's not just "openssl req -x509 -outform DER" that generates binary
data.)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
