On Thu, Jun 19, 2008 at 6:25 PM, Dorian B|ttner <[EMAIL PROTECTED]> wrote:
> GVG GVG schrieb: > > Dear Group, >> >> I was trying to create a my own CA for signing certificates for sendmail >> and >> when I did apply the following command: >> >> --------------------------- >> openssl ca -policy policy_anything -out cert.pem -infiles csr.pem >> --------------------------- >> >> I got: >> >> ---------------------------- >> Using configuration from /etc/ssl/openssl.cnf >> variable lookup failed for ca::default_ca >> 28423:error:0E06D06C:configuration file routines:NCONF_get_string:no >> value:/usr/src/lib/libssl/src/crypto/conf/conf_lib.c:329:group=ca >> name=default_ca >> ---------------------------- >> >> I understand that openssl.cnf doesn't have any 'ca' reference and it fails >> but why is that? What's the reason not having this entry in the default >> openssl OpenBSD configuration? I am missing something? >> >> Also, in "http://openbsd.org/faq/faq10.html#HTTPS"; explains how to sign >> the >> certificate by yourself. Is that the same action? >> >> Thanks for your support >> >> George >> >> > security/tinyca is a nice graphical tool for that, btw. > Thanks all of you for your replies! Finally I had to include the [ ca ] directive in the openssl.cnf file in order to make it work! George
