Here's a recipe for generating a CA directory for testing.
It assumes you have already generated a CA key and cert.
touch $CA_DIR/index.txt
echo '1000' > $CA_DIR/serial
echo '1000' > $CA_DIR/crlnumber
mkdir -m 700 $CA_DIR/newcerts
mkdir -m 700 $CA_DIR/private
mkdir $CA_DIR/certs
cp $CA_KEY $CA_DIR/private/ca_key.pem
chmod 600 $CA_DIR/private/ca_key.pem
cp $CA_CERT $CA_DIR/certs/ca_cert.pem
Those paths need to correspond to those set in the "[ CA_default ]"
section of the openssl.cnf file.
E.g.
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = somedir/ca_dir # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
unique_subject = no # Set to 'no' to allow creation of
# several ctificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/certs/ca_cert.pem
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1
CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/ca_key.pem
RANDFILE = $dir/.rand # private random number file
The initial crl file can be generated like so:
cat ca_key_passphrase_file.txt | openssl ca -gencrl -out $CA_DIR/crl.pem
-config /path/to/test.openssl.cnf -passin stdin
Use 'openssl req' to generate the cert request private key.
Use 'openssl spkac' to generate the spkac cert request data.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1828215
Title:
openssl ca -spkac output regressed
To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/1828215/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
