problems signing cert requests

Joseph Balsama Sat, 09 Dec 2000 08:56:39 -0800
I am new to this, so I may have misunderstood the docs that come with
openssl. I am trying to generate a test certificate that I can use with
cyrus' imap server; I want to test the ssl feature before I spend the
money on a 3rd-party certificate.

Is it obvious what I am missing here? I issued the commands that I found
on the cyrus-imapd mailing list, but I cannot get through the last step.
The command sand output are below:

BEGIN------------

# openssl req -new -x509 -keyout newCA/private/cakey.pem -out
newCA/cacert.pem -days 365
Using configuration from /usr/local/ssl/openssl.cnf
Generating a 1024 bit RSA private key
..........++++++
....++++++
writing new private key to 'newCA/private/cakey.pem'
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
...
(enter data here)
...

# openssl req -new -nodes -x509 -keyout newreq.pem -out newreq.pem -days
365

Using configuration from /usr/local/ssl/openssl.cnf
Generating a 1024 bit RSA private key
................................++++++
..................................++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
....
(again)
...

# openssl x509 -x509toreq -in newreq.pem -signkey
./newCA/private/cakey.pem -out tmp.pem
Getting request Private Key
Enter PEM pass phrase:
Generating certificate request

# openssl ca -cert ./newCA/cacert.pem -keyfile ./newCA/private/cakey.pem
-policy policy_anything -out newcert.pem -infiles tmp.pem

Using configuration from /usr/local/ssl/openssl.cnf
Enter PEM pass phrase:
Check that the request matches the signature
Signature did not match the certificate request

#

END -------------------
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
problems signing cert requests

Reply via email to
