On Thu, Nov 18, 2004, Dan O'Brien wrote: > > On Nov 18, 2004, at 11:48 AM, Dr. Stephen Henson wrote: > > >On Thu, Nov 18, 2004, Dan O'Brien wrote: > > > >> > >>On Nov 17, 2004, at 7:49 PM, Dr. Stephen Henson wrote: > >> > >>>On Wed, Nov 17, 2004, Dan O'Brien wrote: > >>> > >>>> > >>>> > >>>>Hi Steve, thanks for the response. We did not get this error (or if > >>>>we > >>>>have, we haven't seen it): > >>>> > >>>> Using configuration from /some/path/openssl.cnf > >>>> Unable to load config info > >>>> > >>>>But we did get this error upon attempting to make a CA: > >>>> > >>>> unable to find 'distinguished_name' in config > >>>> problems making Certificate Request > >>>> > >>> > >>>OK, try repeating the command with the -verbose command line option. > >>>It should > >>>then tell you where its getting its configuration from. > >>> > >>>Check if the file exists is readable or is obviously broken. If it > >>>contains no > >>>line with this in it: > >>> > >>>[distinguished_name] > >>> > >>>then that counts as broken :-) > >>> > >>> > >> > >>OK -- the "-v" option is unknown to the "req" command, as in: > >> > >>[EMAIL PROTECTED]:~# openssl req -v -new -x509 -keyout private/cakey.pem > >>-out > >>cacert.pem -days 7000 > > > >I said use the -verbose option not -v as in: > > > >openssl req -verbose -new -x509 -keyout private/cakey.pem -out > >cacert.pem > > -days 7000 > > > >Steve. > > We did attempt that previously, with the same result (sorry we didn't > post this earlier): > > [EMAIL PROTECTED]:~# openssl req -verbose -new -x509 -keyout > private/cakey.pem > -out cacert.pem -days 7000 > unknown option -verbose > req [options] <infile >outfile > where options are > -inform arg input format - DER or PEM > -outform arg output format - DER or PEM > -in arg input file > -out arg output file > -text text form of request > -noout do not output REQ > -verify verify signature on REQ > -modulus RSA modulus > -nodes don't encrypt the output key > -key file use the private key contained in file > -keyform arg key file format > -keyout arg file to send the key to > -rand file:file:... > load the file (or the files in the directory) into > the random number generator > -newkey rsa:bits generate a new RSA key of 'bits' in size > -newkey dsa:file generate a new DSA key, parameters taken from CA in > 'file' > -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4) > -config file request template file. > -new new request. > -x509 output a x509 structure instead of a cert. req. > -days number of days a x509 generated by -x509 is valid for. > -newhdr output "NEW" in the header lines > -asn1-kludge Output the 'request' in a format that is wrong but some > CA's > have been reported as requiring > -extensions .. specify certificate extension section (override value > in config file) > -reqexts .. specify request extension section (override value in > config file) >
What version of OpenSSL are you using (openssl version -a)? Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
