[EMAIL PROTECTED] - Mon Nov 1 16:36:45 2004]: > Here goes: > > [EMAIL PROTECTED] misc]# ./CA.pl -newreq > Generating a 1024 bit RSA private key > .........................++++++ > ............................++++++ > writing new private key to 'newreq.pem' > Enter PEM pass phrase: > Verifying - Enter PEM pass phrase: > ----- > You are about to be asked to enter information that will be incorporated > into your certificate request. > What you are about to enter is what is called a Distinguished Name or a > DN. > There are quite a few fields but you can leave some blank > For some fields there will be a default value, > If you enter '.', the field will be left blank. > ----- > Country Name (2 letter code) [GB]: > State or Province Name (full name) [Berkshire]: > Locality Name (eg, city) [Newbury]: > Organization Name (eg, company) [My Company Ltd]: > Organizational Unit Name (eg, section) []: > Common Name (eg, your name or your server's hostname) []: > Email Address []: > > Please enter the following 'extra' attributes > to be sent with your certificate request > A challenge password []: > An optional company name []: > Request (and private key) is in newreq.pem > [EMAIL PROTECTED] misc]# pwd > /usr/local/openssl/ssl/misc > [EMAIL PROTECTED] misc]# ./CA.pl -newca > CA certificate filename (or enter to create) > > Making CA certificate ... > Generating a 1024 bit RSA private key > ..++++++ > ..++++++ > writing new private key to './demoCA/private/cakey.pem' > Enter PEM pass phrase: > Verifying - Enter PEM pass phrase: > ----- > You are about to be asked to enter information that will be incorporated > into your certificate request. > What you are about to enter is what is called a Distinguished Name or a > DN. > There are quite a few fields but you can leave some blank > For some fields there will be a default value, > If you enter '.', the field will be left blank. > ----- > Country Name (2 letter code) [GB]: > State or Province Name (full name) [Berkshire]: > Locality Name (eg, city) [Newbury]: > Organization Name (eg, company) [My Company Ltd]: > Organizational Unit Name (eg, section) []: > Common Name (eg, your name or your server's hostname) []: > Email Address []: > > [EMAIL PROTECTED] misc]# ls > CA.pl CA.sh c_hash c_info c_issuer c_name demoCA der_chop > failcert newreq.pem > [EMAIL PROTECTED] misc]# ./CA.pl -sign > Using configuration from /usr/share/ssl/openssl.cnf > unable to load CA private key > 5052:error:0906D06C:PEM routines:PEM_read_bio:no start > line:pem_lib.c:632:Expecting: ANY PRIVATE KEY > Signed certificate is in newcert.pem > [EMAIL PROTECTED] misc]# > > > I have had the exact same errors on RH9, RHEL, FC1 and FC2. To ensure > there are no package dependancy issues, this is a full install (all > packages). I am using the latest - openssl-devel-0.9.7a-2 version of > openssl, and freeradius-1.0.1 compiled with openssl. Again, adding > whitespace to openssl.cnf line 46 fixes this error and allows me to > sign the certs. >
Ah, that's a non standard version of OpenSSL. As can be seen from the prompts for the fields which aren't the same as OpenSSL 0.9.7e so openssl.cnf at least isn't the same as OpenSSL 0.9.7e. What does ./demoCA/private/cakey.pem look like when you get that error? Steve. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
