hi everybody, well i'm trying to use openssl 0.9.8.a in debian sarge with
kernel 2.6.13, i compiled and installed with no problems, but when i try to
generate CA i get some errors, i changed my working directory (CATOP) in
openssl.cnf, CA.sh and CA.pl to ./miscerts
so i tried this command:
/usr/local/ssl/misc/CA.sh -newca
and i got this error:
/usr/local/ssl/misc/CA.sh: line 90: openssl: command not found
/usr/local/ssl/misc/CA.sh: line 92: openssl: command not found
line 90 and 92 in CA.sh are:
$REQ -new -keyout ${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ
$CA -out ${CATOP}/$CACERT $CADAYS -batch -keyfile ${CATOP}/private/$CAKEY
-selfsign -infiles ${CATOP}/$CAREQ
folder miscerts is effectively created with subfolders: crl, certs,
newcerts, private and files index.txt and serial. so if those folders
exists, why process cann't continue??
i tried this too:
#openssl req -new -x509 -keyout newreq.pem -out newreq.pem -passin
pass:clue1 -passout pass:clue1
#openssl pkcs12 -export -in miscerts/cacert.pem -inkey newreq.pem -out
root.p12 -cacerts -passin pass:clue1 -passout pass:clue1
#openssl pkcs12 -in root.p12 -out root.pem -passin pass:clue1 -passout
pass:clue1
(i copied root.p12 from freeradius files)
#openssl x509 -inform PEM -outform DER -in root.pem -out root.der
#rm -rf newreq.pem
and these to SERVER CERTIFICATE GENERATION:
#openssl req -new -keyout newreq.pem -out newreq.pem -passin pass:whatever
-passout pass:clue1
#openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever
-key whatever -extensions xpserver_ext -extfile xpextensions -infiles
newreq.pem
right here, when using this command i get this error:
Error opening CA private key ./miscerts/private/cakey.pem
4161:error:02001002:system library:fopen:No such file or
directory:bss_file.c:349:fopen ('./miscerts/private/cakey.pem' ,'r')
4161:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:351:
unable to load CA private key
so i think problem is cakey.pem or directory private, but why? I changed all
my paths to my working directory, but nothing happen. so maybe any library
missing??
could any body help me and tell me what is happening and why and how could i
solve?? i think all my configurations are ok.
thanks for your time and help in advance
_________________________________________________________________
Charla con tus amigos en lĂnea mediante MSN Messenger:
http://messenger.latam.msn.com/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
