Greetings
I am trying to learn how to set up a small multilevel CA. Im using the
openssl-1.0.1h. And the computer runs linux. I did the following:
--A- generate rootCA
openssl req \
-new \
-config openssl.cnf_ \
-out ROOTCAReq.pem \
-keyout ROOTCAKey.pem \
-B- generated a crl )r rootCA with
openssl ca \
-gencrl \
-config openssl.cnf \
-out crl/crl01.pem \
-C- setup LEVEL1 CA with
openssl req \
-new \
-config openssl.cnf \
-out level1/LEVELCAReq.pem \
-keyout level1/private/LEVEL1CAKey.pem \
( then sign it with the ROOTCAkey. )
--D- created a certificate trust chain with
cat ROOTCACert.pem level1/LEVEL1CACert.pem >\
TrustChainCACert.pem
--E-- tried to generate crl for LEVEL1 CA with
openssl ca \
-gencrl \
-crldays 60 \
-config openssl.cnf \
-keyfile LEVEL1CAKey.pem \
-out level1/crl/crl01.pem \
but I keep getting the following errors:-
################
Using configuration from openssl.cnf
Error opening CA private key level1/private/LEVEL1CAKey.pem
139899027933056:error:02001002:system library:fopen:No such file or
directory:bss_file.c:398:fopen('level1/private/LEVEL1CAKey.pem','r')
139899027933056:error:20074002:BIO routines:FILE_CTRL:system
lib:bss_file.c:400:
unable to load CA private key
##############
help would be apprecuiated
sincerely
luxInteg
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
