Re: Some troubles making my own CA

Thu, 14 Jul 2005 14:35:39 -0700

I think I can help you with PC certs - I am having trouble with phone certs though :(
openssl genrsa -out ca.key 1024 (or whatever size key you want) you can also chose dsa or dsa1 etc 

and


openssl req -new -x509 -key ca.key -out cacert.pem -config [the name of 
the config file] - you can also chose the -md format



Then convert the pem to der format using:  openssl ca -in cacert.pem 
-out ca.cer



Your ca is ca.cer or if you wanted it in the ---cert type you can omit 
the last bit.


Hope it helps.

Alvaro Poole wrote:


Hi, I´m new to OpenSSL 0.9.8. I was using 0.9.7with mod_ssl version
about 2 weeks since yesterday. (everything in Win32,and works I
promise :) )

1.- In 0.9.7 version, i could do my own certificate with:

perl ca.pl -newca (and then, i filled all i need)

But in 0.9.8 it has been some changes that i don´t understand:


- Why, when I write this sentence, does openssl ask me two passwords? 
(CA password and CHALLENGE password, i don´t know when it uses)


2.- After this, I always made (in 0.9.7) a server certificate for this
CA with this:

openssl req -newkey rsa:1024 -nodes -keyout newreq.pem -out newreq.pem

- Why now doesn´t openssl ask me a challenge password for this certificate?

3.- At the end, i signed this certificate with the CA:

perl CA.pl -sign

and now, appears a (doesn´t found private key error)

I supose there is some trouble with mod_ssl 2.8.23 (but in
documentation says that is compatible with openssl 0.98).

My final questions are:

How can I do my own CA and signed with this in this new version and
using mod_ssl 2.8.23+1.3.33? (maybe I´ m doing something wrong, so
please tell me)

Should I use openssl 0.97 for OpenLDAP? I read that OpenLDAP is
incompatible with 0.98. Is that true?

Thanks in advance (and sorry for my english ;) )

Alvaro Poole

PD: I would like with Apache Server to (it´s complicated but I have to)
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]


 



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]






















					Reply via email to