Hi support,
Could you please tell me where I made mistake..
Below shows that it fails after I ran the following command to sign other cert:
openssl x509 -req -in ca2.csr -CA ca1.crt -CAkey ca1.key -out ca2.crt
Currently I am using Win2K with openssl 0.9.6b
thank you.
-------------------------
C:\TEMP\certs3>openssl md5 * > rand1.dat
C:\TEMP\certs3>openssl genrsa -rand rand1.dat -des3 1024 > ca1.key
Loading 'screen' into random state - done
100 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
...................++++++
............++++++
e is 65537 (0x10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
Verify failure
1836:error:0906406D:PEM routines:DEF_CALLBACK:problems getting password:D:\MyPro
jects\Applications\opensa\openssl\crypto\pem\pem_lib.c:114:
1836:error:0906906F:PEM routines:PEM_ASN1_write_bio:read key:D:\MyProjects\Appli
cations\opensa\openssl\crypto\pem\pem_lib.c:366:
C:\TEMP\certs3>openssl genrsa -rand rand1.dat -des3 1024 > ca1.key
Loading 'screen' into random state - done
100 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
....++++++
..++++++
e is 65537 (0x10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
phrase is too short, needs to be at least 4 chars
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
C:\TEMP\certs3>openssl req -new -key ca1.key -out ca1.csr
Using configuration from C:\Program Files\OpenSA\OpenSSL\openssl.cnf
Enter PEM pass phrase:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:au
State or Province Name (full name) [Some-State]:state
Locality Name (eg, city) []:city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:wm
Organizational Unit Name (eg, section) []:wm
Common Name (eg, YOUR name) []:simhead
Email Address []:[EMAIL PROTECTED]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
C:\TEMP\certs3>openssl x509 -in ca1.csr -out ca1.crt -req -signkey ca1.key -days 3650
Loading 'screen' into random state - done
Signature ok
[EMAIL PROTECTED]
Getting Private key
Enter PEM pass phrase:
C:\TEMP\certs3>openssl md5 * > rand2.dat
C:\TEMP\certs3>openssl genrsa -rand rand2.dat -des3 1024 > ca2.key
Loading 'screen' into random state - done
290 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
.......++++++
..........++++++
e is 65537 (0x10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
C:\TEMP\certs3>ls
ca1.crt ca1.csr ca1.key ca2.key openssl.cfg rand1.dat
rand2.dat
C:\TEMP\certs3>openssl req -new -key ca2.key -out ca2.csr
Using configuration from C:\Program Files\OpenSA\OpenSSL\openssl.cnf
Enter PEM pass phrase:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:au
State or Province Name (full name) [Some-State]:state
Locality Name (eg, city) []:name
Organization Name (eg, company) [Internet Widgits Pty Ltd]:wm
Organizational Unit Name (eg, section) []:wm
Common Name (eg, YOUR name) []:name
Email Address []:[EMAIL PROTECTED]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
C:\TEMP\certs3>openssl x509 -req -in ca2.csr -CA ca1.crt -CAkey ca1.key -out ca2.crt
Loading 'screen' into random state - done
Signature ok
[EMAIL PROTECTED]
Getting CA Private Key
Enter PEM pass phrase:
ca1.srl: No such file or directory
1932:error:02001002:system library:fopen:No such file or directory:..\..\tmp32dl
l\bss_file.c:245:fopen('ca1.srl','rb')
1932:error:20074002:BIO routines:FILE_CTRL:system lib:..\..\tmp32dll\bss_file.c:
247:
cheers,
Peter
: __o
: _`\<,_
: (_)/ (_)
: ************
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
