Hi Jorge,

I got considerably farther and generated the server key, but am now having a problem with the client key. I'm getting this error:

failed to update database
TXT_DB error number 2

Any thoughts? The full script is below:

C:\Program Files\OpenSSL>ca client
Simple CA utility
Written by Artur Maj ([EMAIL PROTECTED])

Warning! The content of the C:\CA\temp\vnc_client directory will be removed.
Press CTRL-C to break, or ENTER to continue...

--------------------------------------------------------------------
Step 1: Generate the keys and the certificate request
--------------------------------------------------------------------
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
..++++++
..++++++
writing new private key to 'C:\CA\temp\vnc_client\client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Connecticut
Locality Name (eg, city) []:Burlington
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Prosoft
Organizational Unit Name (eg, section) []:DS
Common Name (eg, YOUR name) []:Frank
Email Address []:[EMAIL PROTECTED]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Favorite wood
An optional company name []:

--------------------------------------------------------------------
Step 2: Sign the certificate
--------------------------------------------------------------------
Using configuration from C:\Progra~1\OpenSSL\openssl.conf
Loading 'screen' into random state - done
Enter pass phrase for C:\CA\private\CAkey.pem:
DEBUG[load_index]: unique_subject = "yes"
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'US'
stateOrProvinceName   :PRINTABLE:'Connecticut'
localityName          :PRINTABLE:'Burlington'
organizationName      :PRINTABLE:'Prosoft'
organizationalUnitName:PRINTABLE:'DS'
commonName            :PRINTABLE:'Frank'
emailAddress          :IA5STRING:'[EMAIL PROTECTED]'
Certificate is to be certified until Nov 1 18:53:01 2008 GMT (365 days)
Sign the certificate? [y/n]:y

failed to update database
TXT_DB error number 2

C:\Program Files\OpenSSL>

----- Original Message ----
From: Jorge Fernandez <[EMAIL PROTECTED]>
To: openssl-users@openssl.org
Sent: Thursday, November 1, 2007 7:28:51 PM
Subject: Re: ca server - unable to load CA private key

2007/10/30, Frank Garber <[EMAIL PROTECTED]>:
> Hey all,
>
> I'm very new to security and generating key files. I'm following the
> instructions I've found here: http://www.securityfocus.com/infocus/1677
> and I'm having trouble generating the private / public key pair and
> certificate. In step 2 it asks: "Enter pass phrase for
> C:\CA\private\CAkey.pem:". Is it looking for a value from a previous step?

Yes. You have to give the passphrase you used to encrypt the private key of the CA (CAkey.pem), i.e. the one you provided when you did 'ca genca'.

Regards,
--
Jorge Fernandez