What are the contents of your openssl.cnf? Are you using precisely the same configuration you were using with earlier versions of openssl?
If you have the ability to use an older version of openssl with the same configuration file, does it currently work? -Kyle H On 12/15/06, Alex <[EMAIL PROTECTED]> wrote:
On Fri, 15 Dec 2006 18:20:45 -0700 "Kyle Hamilton" <[EMAIL PROTECTED]> wrote: > It's best if you tag your in/out files with '.pem', '.csr', '.crt'. I > realize that UNIX doesn't deal with file extensions, but it goes a > LONG way to help with debugging. > > Do you have a file called ./private/ca-key.pem? It is looking for the > CA's private key, which is located in the same file as the CA's > certificate [used for getting the authority information]. It's > supposed to be in a PEM (base-64, i.e. text)-encoded form, containing > a TRUSTED CERTIFICATE and a PRIVATE KEY. > > If you don't have it set up properly, it will throw an error. Try > going through the CA howto on the openssl website, creating a new CA, > and looking at the format of the contents of the files associated with > each step of the process. > > -Kyle H I do indeed have a file ./private/ca-key.pem. If it wasn't there, openssl wouldn't ask me for the password to the private key in the first place. :| The ca-key.pem file begins with: -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,0CB5B11689207778 In the directory I am executing openssl from I have a file, ca-cert.pem. The reason I am sending this to the mailing list is because I _always_ used to sign certificates in this manner, and now it doesn't work. -- Alex
-- -Kyle H ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
