Hi,
Getting an error from bin/clca, as found here:
https://github.com/openxpki/clca/blob/master/bin/clca
Really, in all versions 1.1.1 to 3.3 of OpenSSL:
https://openssl.org/docs/man3.3/man1/openssl-genrsa.html
https://openssl.org/docs/man3.0/man1/openssl-genrsa.html
https://openssl.org/docs/man1.1.1/man1/openssl-genrsa.html
the command
    openssl genrsa -aes256 -out $CAPRIVDIR/cakey.pem 2048
does not accept anything after the [numbits] parameter.
In particular, it does not accept any "-config" key introduced by
    CONFIGARG="-config ..."
Really, it seems that no further configuration is needed just to
generate a key.
A patch, attached herewith, fixes the issue for me.
Could it be that Linux uses a specially hacked version of OpenSSL, which
does not comply with the manuals provided by the upstream?
Regards, Sergei
=========================================
--- bin/clca.orig 2022-11-02 21:48:49 UTC
+++ bin/clca
@@ -422,7 +422,7 @@ The following steps must be performed to create a CA:
be generated using the HSM utilities. Otherwise you will need
to create a private key by issuing
- openssl genrsa -aes256 -out $CAPRIVDIR/cakey.pem 2048 $CONFIGARG
+ openssl genrsa -aes256 -out $CAPRIVDIR/cakey.pem 2048
chmod 400 $CAPRIVDIR/cakey.pem
3. Create the CA using the initialize command
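Review bot: In this documented step, chmod 400 is applied only after openssl genrsa has written $CAPRIVDIR/cakey.pem, so between the two commands the key file has whatever permissions the caller's umask allows. While this text is being edited, consider adding a "umask 077" line before the genrsa line so the file is created owner-only from the start. Removing $CONFIGARG from the genrsa line is consistent with the message's point that nothing is accepted after the numbits argument.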
@@ -1372,7 +1372,7 @@ initialize()
openssl)
echo "Hint:"
echo "mkdir $CAPRIVDIR"
- echo "openssl genrsa -aes256 -out $CAPRIVDIR/$ROOTKEYNAME 2048
$CONFIGARG"
+ echo "openssl genrsa -aes256 -out $CAPRIVDIR/$ROOTKEYNAME 2048"
echo "chmod 400 $CAPRIVDIR/$ROOTKEYNAME"
;;
chil)
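Review bot: The removed line in this hunk is split across two lines, with $CONFIGARG" on its own line and no leading "-", so the hunk will not apply as posted. Please resend the patch as an attachment or with mail line wrapping disabled, so the removed echo line is a single "-" line matching the file.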
=========================================