Actually you might be confused a little.  A CSR is nothing more than
a public key bundled with an identity (name).  If you already have
a CSR you should not also need a public key.

If you mean the key to be the private key to a signing CA and the
CSR to be for an end-user certificate to be SIGNED by that CA,
it would be a different story.

However, this appears to be the solution to your immediate problem:


[zben-mac-ii:~] zben% man x509
X509(1)                          OpenSSL

NAME
  x509 - Certificate display and signing utility

SYNOPSIS
  openssl x509 [-inform DER|PEM|NET] [-outform DER|PEM|NET] [-keyform
  DER|PEM] [-CAform DER|PEM] [-CAkeyform DER|PEM] [-in filename] [-out
...
OPTIONS
...
  SIGNING OPTIONS
  ...
  -req
     by default a certificate is expected on input. With this option a
     certificate request is expected instead.


If you're giving it a CSR, you should use the -req option; otherwise it will be expecting a certificate, which is sorta what the error diagnostic was trying to tell you:

>> 1530:error:0906D06C:PEM routines:PEM_read_bio:no start
>> line:pem_lib.c:662:Expecting: TRUSTED CERTIFICATE
                      ==============================

Word to the wise: it would be a Good Idea to read all the man pages
from cover to cover of the openssl keywords you're trying to use,
plus the global one, plus the two on the configuration file format,
plus the ASCII text files in the doc (docs?) directory of the source
code distribution.

Ronan wrote:




openssl x509 -in ./demoCA/rtest.csr -CA ./demoCA/cacert.pem -CAkey ./demoCA/private/cakey.pem -CAserial ./demoCA/serial -out ./demoCA/rtest.pem
unable to load 'random state'
This means that the random number generator has not been seeded
with much random data.
Consider setting the RANDFILE environment variable to point at a file that
'random' data can be kept in (the file will be overwritten).
unable to load certificate
1530:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expecting: TRUSTED CERTIFICATE



This is the error I'm currently getting.

I have generated
rtest.key
and rtest.csr

I have cat'd rtest.key into rtest.csr
then run the above...
I did this because it complains about needing a key.
If I don't have to do this, please tell me why.

So it's looking for a trusted certificate.

How do I do this...


This is bugging me; I think I've read every document on openssl.org and am still stumped...
Someone is bound to have done this before...


ronan





-- Charles B (Ben) Cranston mailto: [EMAIL PROTECTED] http://www.wam.umd.edu/~zben

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
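
The two points of the reply above (the CSR already contains the public key, and `openssl x509` needs `-req` to accept a CSR as input), as an added example that is not part of the original thread. The temporary directory, the subject names, the 2048-bit RSA keys and the use of `-CAcreateserial` are assumptions made for this demo; the file names follow the ones in the quoted command.

```shell
#!/bin/sh
# Added example, not from the thread. All names and subjects are constructed.

# Create a throwaway CA plus an end-entity key and CSR in directory $1.
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=rtest.example" \
        -keyout "$1/rtest.key" -out "$1/rtest.csr" 2>/dev/null
}

# The CSR already carries the public half of rtest.key, so nothing has to be
# appended to it. Succeeds when both commands print the same public key.
csr_has_pubkey() {
    [ "$(openssl req -in "$1/rtest.csr" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/rtest.key" -pubout)" ]
}

# Sign the CSR with the CA. $2 is either "-req" or empty; when it is empty,
# x509 tries to read the CSR as a certificate and fails to load it.
sign_csr() {
    openssl x509 $2 -in "$1/rtest.csr" -CA "$1/cacert.pem" \
        -CAkey "$1/cakey.pem" -CAcreateserial -days 1 \
        -out "$1/rtest.pem" 2>"$1/sign.err"
}

# Check that the issued certificate chains to the demo CA.
verify_cert() {
    openssl verify -CAfile "$1/cacert.pem" "$1/rtest.pem" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_files "$dir" || return 1
    csr_has_pubkey "$dir" && echo "CSR contains the public key of rtest.key"
    sign_csr "$dir" "" || echo "without -req: $(head -n 1 "$dir/sign.err")"
    sign_csr "$dir" -req && verify_cert "$dir" &&
        echo "with -req: certificate issued and verified against the CA"
    rm -rf "$dir"
}
demo
```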
