Here goes: [EMAIL PROTECTED] misc]# ./CA.pl -newreq Generating a 1024 bit RSA private key .........................++++++ ............................++++++ writing new private key to 'newreq.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [GB]: State or Province Name (full name) [Berkshire]: Locality Name (eg, city) [Newbury]: Organization Name (eg, company) [My Company Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []: Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: Request (and private key) is in newreq.pem [EMAIL PROTECTED] misc]# pwd /usr/local/openssl/ssl/misc [EMAIL PROTECTED] misc]# ./CA.pl -newca CA certificate filename (or enter to create) Making CA certificate ... Generating a 1024 bit RSA private key ..++++++ ..++++++ writing new private key to './demoCA/private/cakey.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [GB]: State or Province Name (full name) [Berkshire]: Locality Name (eg, city) [Newbury]: Organization Name (eg, company) [My Company Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []: Email Address []:
[EMAIL PROTECTED] misc]# ls CA.pl CA.sh c_hash c_info c_issuer c_name demoCA der_chop failcert newreq.pem [EMAIL PROTECTED] misc]# ./CA.pl -sign Using configuration from /usr/share/ssl/openssl.cnf unable to load CA private key 5052:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: ANY PRIVATE KEY Signed certificate is in newcert.pem [EMAIL PROTECTED] misc]# I have had the exact same errors on RH9, RHEL, FC1 and FC2. To ensure there are no package dependancy issues, this is a full install (all packages). I am using the latest - openssl-devel-0.9.7a-2 version of openssl, and freeradius-1.0.1 compiled with openssl. Again, adding whitespace to openssl.cnf line 46 fixes this error and allows me to sign the certs. Thanks, Scott Prisbrey > -------- Original Message -------- > Subject: [SPAM] [openssl.org #961] typo in openssl.cnf > From: "Richard Levitte via RT" <[EMAIL PROTECTED]> > Date: Mon, November 01, 2004 1:05 am > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > > [EMAIL PROTECTED] - Thu Oct 28 22:11:56 2004]: > > > My intentions are not to be trite, I simply want to help those in my > > same position. Maybe "typo" wasn't the word to use. I apologize if I > > have offended. > > I'm not offended, but you must understand that we haven't been able to > reproduce your problem. Would it be possible for you to show us what > command you run, in case this is a combination of faults? > > -- > Richard Levitte > [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
