O Plameras wrote:
After the above procedure insert these:
openssl -new -x509 -keyout demoCA/private/cakey.pem \
-out demoCA/cacert.pem -days 365
no such command '-new', did you mean:
openssl req -new -x509 -keyout demoCA/private/cakey.pem \
-out demoCA/cacert.pem -days 365
# And sign your server certificate
openssl ca -policy policy_anything -in server.csr -out server.crt
# Then combine the server and server certificate into a single PEM
encoded file
cat server.key server.crt > server.pem
Do not do the above. Instead, do a request for a key, as follows:
openssl -newkey rsa:1024 -nodes -keyout newreq.pem -out newreq.pem
-days 365
and same error
then sign it, as follows:
openssl -policy policy_anything -out newcert.pem -infiles newreq.pem
are you sure about this one too?
I've not tried it yet but it's not in the man page
No, this is not the recommended way. In fact it is discouraged. With
this method,
you reveal your secrets; hardly a security at all.
I see! thanks BTW!
ta,
Dave.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
