From: "alben benavente alteza" <[EMAIL PROTECTED]>

Hi alben,

It looks like it isn't able to load the CA from the directory, or there is a path problem.
Did you try searching on Google?

It's been so long since the last time I played with certificates, when I was
working on apache+modssl+openldap,
so I think I also encountered that problem, but I already forgot the
solution.

Anyway, I have a different style of creating server and client certificates,
and I'll tell you some procedures for it; maybe this could help.

Assuming that you have OpenSSL installed from the tar package:
. mkdir /u1/CA  <--- this might be different on your side.
. copy /usr/local/ssl/misc/CA.pl and /usr/local/ssl/openssl.cnf into /u1/CA
. create the new CA:
  . perl CA.pl -newca
    #supply all the information required and don't forget the passphrase, it's very important
    #you will now have cacert.pem as the new personal certificate authority in /u1/CA/demoCA.

creating server certificate
. perl CA.pl -newreq
  #supply all the information required again and don't forget the passphrase.
. perl CA.pl -sign
  #this is what a trusted authority does, but you're doing it as a self-signed certificate; use the correct passphrase when signing the certificate
. openssl rsa < newreq.pem > newkey.pem
   #this will extract the private key into a separate file

#for ease of use, you can rename these 3 files to more meaningful filenames.
. mv newcert.pem server.crt
. mv newreq.pem server.req
. mv newkey.pem server.key
#I use the 3 files(server.*) for the web as a server certificate.

creating client certificates
#the procedure is almost the same as creating the server certificate, except for the last step (renaming the files)
#you can do something like this:
. mv newcert.pem client.crt
. mv newreq.pem client.req
. mv newkey.pem client.key
#convert the certificate to PKCS12 format:
. openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12
#now you can import this client.p12 into your client apps.

Hope this helps.

//glynn
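
An added example, not part of the original message: shell checks for the files the procedure above yields (does server.crt verify against cacert.pem, does server.key belong to server.crt, and is the key still passphrase-protected). Because CA.pl is interactive, the `make_demo_pki` helper, its file names and its subjects are constructed stand-ins that build a throwaway CA with plain `openssl` commands.

```shell
#!/bin/sh
# Added example: sanity checks for the files the CA.pl procedure produces.
# All directory names, file names and subjects below are constructed test values.

# 0 if the certificate verifies against the given CA certificate.
cert_chains_to() {  # usage: cert_chains_to cacert.pem server.crt
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# 0 if the private key belongs to the certificate (same public key).
# Expects a passphrase-free key, such as the output of `openssl rsa`;
# the empty -passin makes an encrypted key fail instead of prompting.
key_matches_cert() {  # usage: key_matches_cert server.crt server.key
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# 0 if the PEM key is passphrase-protected (traditional or PKCS#8 form).
key_is_encrypted() {  # usage: key_is_encrypted server.key
  grep -q 'ENCRYPTED' "$1"
}

# Build a throwaway CA, a server certificate, an encrypted copy of the server
# key and an unrelated CA, non-interactively (stand-in for the interactive
# CA.pl -newca / -newreq / -sign steps).
make_demo_pki() {  # usage: make_demo_pki DIR
  ( cd "$1" || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out cacert.pem \
      -subj "/CN=Constructed Test CA" -days 1 &&
    openssl req -newkey rsa:2048 -nodes -keyout server.key -out server.req \
      -subj "/CN=www.example.test" &&
    openssl x509 -req -in server.req -CA cacert.pem -CAkey ca.key \
      -CAcreateserial -out server.crt -days 1 &&
    openssl rsa -in server.key -aes256 -passout pass:constructed \
      -out server.enc.key &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout other.key \
      -out other-ca.pem -subj "/CN=Unrelated Test CA" -days 1
  ) >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
cert_chains_to "$demo_dir/cacert.pem" "$demo_dir/server.crt" && echo "chain: ok"
key_matches_cert "$demo_dir/server.crt" "$demo_dir/server.key" && echo "key: matches"
key_is_encrypted "$demo_dir/server.key" || echo "server.key has no passphrase: chmod 600 it"
```

The key written by `openssl rsa < newreq.pem > newkey.pem` carries no passphrase, so the last check is the one to act on for server.key: restrict it to the account the web server reads it as.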

--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
.
To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
.
Are you a Linux newbie? To join the newbie list, go to
http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
