Hi,
> Then I followed the updated document and stuck with strange error: > > root@server:/home/admin# openssl req -new -keyout vault.key -out vault.crt > -days 3650 -config /etc/openxpki/contrib/vault.openssl.cnf > Ignoring -days; not generating a certificate > Generating a RSA private key > .........................++++ > .......................................................................++++ > writing new private key to 'vault.key' > ----- > Error Loading extension section v3_datavault_extensions > 140436864996480:error:22077079:X509 V3 routines:v2i_AUTHORITY_KEYID:no issuer > certificate:../crypto/x509v3/v3_akey.c:104: > 140436864996480:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in > extension:../crypto/x509v3/v3_conf.c:47:name=authorityKeyIdentifier, > value=keyid:always,issuer > > It only generates a key, but no certificate. Where in the filesystem this > command has to be executed? Under root or other user? The command referenced in the documentation contains a small error. Retry, adding -x509 on the command line, i. e.: openssl req -new -x509 -keyout vault.key -out vault.crt -days 3650 -config /etc/openxpki/contrib/vault.openssl.cnf This command will generate the vault.crt certificate file. It does not matter where this command is executed and which user executes it, as the generated key and certificate are imported into the OpenXPKI database by the following two openxpkiadm commands. You can delete the generated key and certificate after the import. cheers Martin _______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
