Probably a simple (and often asked) question:

I'm attempting to build a CA for testing purposes running OpenSSL .9.5.a on OpenBSD 2.8.

I've set up the CA (I think):

    bash-2.04# ./CA.pl -newca
    CA certificate filename (or enter to create)

    Making CA certificate ...
    Using configuration from /etc/ssl/openssl.cnf
    Generating a 1024 bit RSA private key
    ..................................................++++++
    ................................++++++
    writing new private key to './demoCA/private/cakey.pem'
    Enter PEM pass phrase:
    Verifying password - Enter PEM pass phrase:
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) []:US
    State or Province Name (full name) []:xxxxxxx
    Locality Name (eg,city) []:xxxxxxx
    Organization Name (eg, company) []:xxxxxxxxx
    Organizational Unit Name (eg, section) []:xxxxxxxxx
    Common Name (fully qualified host name) []:xxxxxxxxxx
    Email Address []:xxxxxxxxx

When I'm done this is what I'm left with:

    bash-2.04# ls
    CA.pl demoCA

Next I go to generate a request (for my own server):

    bash-2.04# ./CA.pl -newreq
    Using configuration from /etc/ssl/openssl.cnf
    Generating a 1024 bit RSA private key
    ................................++++++
    ..........++++++
    writing new private key to 'newreq.pem'
    Enter PEM pass phrase:
    Verifying password - Enter PEM pass phrase:
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) []:US
    State or Province Name (full name) []:xxxxxxx
    Locality Name (eg,city) []:xxxxxxxx
    Organization Name (eg, company) []:xxxxxxxx
    Organizational Unit Name (eg, section) []:xxxxxxxx
    Common Name (fully qualified host name) []:xxxxxxxxxx
    Email Address []:xxxxxxxxx

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    a challenge password []:xxxxxxx
    An optional company name []:
    Request (and private key) is in newreq.pem

ls on the directory then shows:

    bash-2.04# ls
    CA.pl demoCA newreq.pem

When I go to sign the req, I get:

    bash-2.04# ./CA.pl -sign
    Using configuration from /etc/ssl/openssl.cnf
    variable lookup failed for ca::default_ca
    Signed certificate is in newcert.pem

I'm missing the boat on something here........ I've followed the instructions on:

http://www.pobox.org.sg/home/ngps/m2/howto.ca.html

Are there any other good documents out there on establishing/running a CA using openssl?

TIA

Eric
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                       [EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]
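
Added example, not part of the original post and not OpenSSL project code: the error above names a `section::key` pair, so this script checks whether a config file defines `default_ca` in its `[ ca ]` section and whether the section it points to exists. The function names, the simplified parsing (plain `key = value` lines and `#` comments only) and the two sample configs are assumptions constructed for illustration.

```shell
#!/bin/sh
# conf_lookup FILE SECTION KEY: print SECTION::KEY, return 1 if it is absent.
# Simplified parser: no quoting, escapes or variable expansion.
conf_lookup() {
    awk -v want="$2" -v key="$3" '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^\[.*\]$/ { sec = $0; gsub(/^\[[ \t]*|[ \t]*\]$/, "", sec); next }
        sec == want {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]+$/, "", k); gsub(/^[ \t]+/, "", v)
            if (k == key) { print v; found = 1; exit }
        }
        END { exit !found }
    ' "$1"
}

# has_section FILE SECTION: return 0 if a [ SECTION ] header exists.
has_section() {
    awk -v want="$2" '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^\[.*\]$/ { s = $0; gsub(/^\[[ \t]*|[ \t]*\]$/, "", s)
                     if (s == want) { ok = 1; exit } }
        END { exit !ok }
    ' "$1"
}

# check_ca_conf FILE: report whether the file defines a usable default CA section.
check_ca_conf() {
    name=$(conf_lookup "$1" ca default_ca) || {
        echo "missing ca::default_ca (the lookup reported in the error above)"
        return 1
    }
    has_section "$1" "$name" || { echo "default_ca names missing section [ $name ]"; return 2; }
    echo "ok: default_ca = $name"
}

# Constructed sample configs (not the poster's /etc/ssl/openssl.cnf).
tmp=$(mktemp -d)
printf '%s\n' '[ req ]' 'default_bits = 1024' > "$tmp/req_only.cnf"
printf '%s\n' '[ ca ]' 'default_ca = CA_default  # section the ca command uses' \
    '[ CA_default ]' 'dir = ./demoCA' > "$tmp/with_ca.cnf"
check_ca_conf "$tmp/req_only.cnf" || true
check_ca_conf "$tmp/with_ca.cnf"
```

In the session above, "Signed certificate is in newcert.pem" is printed directly after the lookup error, so confirm that newcert.pem actually exists before relying on that message.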