certificate creation example

[Howard Chan]

Hello OpenSSL experts,   I've been experimenting, or more like playing around, with Openssl on Linux.  This is what I'm trying to do with OpenSSL : create a self-signed root CA certificate create a private key and then a certificate request use the root CA cert to sign the certificate request, thereby making a user certificate finally, I want to verify the cert....(ie. verify -CApath _______ newcert.pem) I'm no expert at this, but this is what I did (so far): I used 'openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem' for Step 1 above. I used 'openssl req -new -key privkey.pem -out cert.csr' for Step 2 above. For Step 3 above, I tried using the 'ca' command but always returned an error (which is attached), saying that it could not find files in the ./demoCA directory.  So I created a /demoCA directory on my machine containing the CA cert and it's private key and the serial and index files.  But still, when I ran the 'ca' command the same error occurs.   I know there's a CA.pl program....which I can utilize to do the cert creation...but how do I use that?  Do I need to compile it or anything before I can use that program?  I'm not sure.   So I don't know what to do for Step 3 (sign a cert request with the CA root cert).  I'm out of ideas.   Please enlighten me with some ideas, or correct my errors if you could.   Thanks alot.   Best regards,   H. Chan

Using configuration from /usr/share/ssl/openssl.cnf
./demoCA/private/cakey.pem: No such file or directory
trying to load CA private key
7740:error:02001002:system library:fopen:No such file or 
directory:bss_file.c:245:fopen('./demoCA/private/cakey.pem','r')
7740:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:247:
error in ca