Hello,
 
I successfully created my own CA certificate. Now I want to create a
certificate for my mail server. I use the batch file and cnf shown below. The OS is
Windows 2003 x64, OpenSSL is 0.9.8k. But I receive an error and don't know
why. Could somebody help?
 
Batch:
rem Save the current search path so it can be restored at the end.
set PathOld=%Path%
rem Put the OpenSSL binaries on the search path for this session.
set Path=%Path%;c:\OpenSSL\Programm
rem RANDFILE is the environment variable OpenSSL reads for its seed file location.
set RANDFILE=c:\OpenSSL\zertifikate\rnd.bin
rem Generate a 2048-bit RSA key. No cipher option is given, so ServerKey.pem is
rem written without passphrase protection; restrict read access to that file.
rem NOTE(review): -rand names rnd.bin relative to the current directory, while
rem RANDFILE above is an absolute path - confirm both refer to the same file.
openssl genrsa -out ServerKey.pem -rand rnd.bin 2048
rem Build the certificate request from the existing key, using server.cnf.
openssl req -new -key ServerKey.pem -out Server.csr -config server.cnf
<<<----- at this line I receive the error
rem Sign the request with the CA key. -batch suppresses the confirmation
rem prompts, so whatever Server.csr contains is certified without an operator
rem reviewing it first. (The command is wrapped over two lines in this post.)
openssl ca -cert CACert.pem -in Server.csr -keyfile CAKey.pem -out
ServerCert.pem -config server.cnf -batch
rem Bundle certificate and private key as PKCS#12. "-passout pass:" sets an
rem empty export password, so the private key inside ServerKey.p12 is
rem effectively unprotected wherever that file is copied.
rem NOTE(review): prefer a real export password supplied outside the script.
openssl pkcs12 -export -in ServerCert.pem -inkey ServerKey.pem -out
ServerKey.p12 -passout pass:
rem Undo the environment changes made above.
set RANDFILE=
set Path=%PathOld%

server.cnf:
############################################################################
####
#
# OpenSSL Konfigurationsdatei zur Erzeugung eines Server-Zertifikats
#
############################################################################
####
 
# Variables in the unnamed default section; the sections below expand them
# as $name.
pathcerts  = c:/OpenSSL/Zertifikate/NewCerts
# NOTE(review): pathsca and pathca hold the same directory - confirm both
# names are needed.
pathsca   = c:/OpenSSL/Zertifikate
pathca   = c:/OpenSSL/Zertifikate
# Disables interactive prompting in "openssl req": the entries under
# [ req_distinguished_name ] and [ req_attributes ] are then used as the
# literal field values.
# NOTE(review): prompt is documented as a [ req ] option; it is set in the
# default section here - confirm the req command picks it up from there.
prompt   = no
 
# Read by "openssl ca"; default_ca names the section that holds the CA
# settings used for signing.
[ ca ]
default_ca  = Server_CA
 
# CA settings applied by "openssl ca" when it signs a request.
[ Server_CA ]
# NOTE(review): the documented option name is RANDFILE - confirm that the
# lower-case spelling is honoured by this build.
randfile  = $pathca/rnd.bin
certs   = $pathcerts
crl_dir   = $pathcerts
# Text database of issued certificates; it must exist before the first signing.
database  = $pathcerts/index.txt
new_certs_dir  = $pathcerts
certificate  = $pathca/CACert.pem
# File holding the next serial number to assign.
serial   = $pathca/serial
crl   = $pathsca/crl.pem
# The CA private key sits in the same directory as the public CA material;
# restrict filesystem access to it accordingly.
private_key  = $pathca/CAKey.pem
# Section whose extensions are added to every certificate this CA issues.
x509_extensions  = cax509
# 3650 days is a ten-year lifetime for a server certificate; a long validity
# period extends the window in which a compromised key remains trusted.
# NOTE(review): consider a shorter lifetime with scheduled renewal.
default_days  = 3650
default_crl_days = 30
# MD5 is collision-broken and should not be used to sign certificates.
# NOTE(review): switch to a SHA-2 digest such as sha256 after checking that
# the installed OpenSSL build offers it.
default_md  = md5
policy   = policy_anything
 
# Subject-name policy checked by "openssl ca" before signing:
#   match    - the field must equal the same field in the CA certificate
#   supplied - the field must be present in the request
#   optional - the field may be present or absent
# Despite the section name, countryName is constrained to match the CA's.
[ policy_anything ]
countryName  = match
stateOrProvinceName = optional
localityName  = optional
organizationName = optional
organizationalUnitName = optional
commonName  = supplied
emailAddress  = optional
 
### Extensions for new certificates
# Referenced by x509_extensions in [ Server_CA ]; added by "openssl ca" to
# each certificate it issues.
# NOTE(review): no basicConstraints entry is set; end-entity certificates
# usually carry "basicConstraints = CA:FALSE" so they cannot be mistaken for
# a CA certificate - confirm whether the omission is intended.
[ cax509 ]
subjectKeyIdentifier = hash
# "always" makes issuance fail if the key identifier or issuer details cannot
# be taken from the CA certificate.
authorityKeyIdentifier = keyid:always,issuer:always
# Key usages requested for the server certificate.
keyUsage  = digitalSignature, keyEncipherment, dataEncipherment
# The ns* entries are legacy Netscape certificate extensions.
nsCertType  = server
nsBaseUrl  = https://www.kic-software.de/
# NOTE(review): the policy URL uses plain http while nsBaseUrl uses https.
nsCaPolicyUrl  = http://www.kic-software.de/Zertifizierung/index.html
# Relative URLs; presumably meant to be resolved against nsBaseUrl.
nsRevocationUrl  = Zertifizierung/cert.asp?action=certrevocation&SN=
nsCaRevocationUrl = Zertifizierung/cert.asp?action=certcarevocation&SN=
nsRenewalUrl  = Zertifizierung/cert.asp?action=certrenewal&SN=
 
# Settings read by "openssl req" when the certificate request is built.
[ req ]
# default_bits and default_keyfile apply only when req generates a new key;
# the batch file in this post passes an existing key with -key instead.
default_bits  = 2048
# NOTE(review): this path names the CA key file (compare private_key in
# [ Server_CA ]; Windows file names are case-insensitive). If req were ever
# run so that it generates a key, it could overwrite the CA key - point this
# at a server-specific file.
default_keyfile  = $pathca/CAkey.pem
distinguished_name = req_distinguished_name
attributes  = req_attributes
# x509_extensions is applied only when req is run with -x509 (self-signed
# output). For a certificate request the corresponding option is
# req_extensions.
x509_extensions  = reqx509
# Key passphrases stored in clear text: anyone who can read this file learns
# them, and the same value is used for input and output. Because the value
# has been published with this post it should be treated as disclosed and
# replaced.
# NOTE(review): supply passphrases at run time instead, e.g. through the
# -passin / -passout options with an env: or file: source.
input_password  = sdhakflcnai878dfhna693ncaefhklvnjdsfhvn903247
output_password  = sdhakflcnai878dfhna693ncaefhklvnjdsfhvn903247
# Restricts the string types used for name fields (no BMPString/UTF8String).
string_mask  = nombstr
 
# Subject name for the request. With "prompt = no" (set at the top of this
# file) these entries are the literal field values, not prompt texts.
[ req_distinguished_name ]
# Has to equal the CA certificate's country, per countryName = match in
# [ policy_anything ].
countryName  = DE
stateOrProvinceName = Bayern
localityName  = Memmelsdorf
organizationName = kiC GmbH
organizationalUnitName = Internetdienste
# Host name the mail server certificate is issued for.
commonName  = mail.kic-software.de
# The address appears shortened ("...") in this copy of the post.
emailAddress  = i...@kic-software.de
 
# Request attributes. With "prompt = no" the value below is used literally,
# i.e. the string "none" becomes the challenge password in the request.
# NOTE(review): the error output quoted in this post names
# X509_ATTRIBUTE_set1_data, and this is the only attribute configured, so
# this section (or the "attributes" line in [ req ]) is the first place to
# look - presumably leaving the attribute out isolates the failure; confirm
# by testing.
[ req_attributes ]
challengePassword = none
 
# Extension section referenced by x509_extensions in [ req ]; its entries
# repeat those of [ cax509 ]. It is consulted only when req is run with
# -x509, so it does not influence a plain certificate request.
[ reqx509 ]
subjectKeyIdentifier = hash
# NOTE(review): an authority key identifier describes the issuer, which a
# request does not have yet - confirm this entry is wanted here.
authorityKeyIdentifier = keyid:always,issuer:always
keyUsage  = digitalSignature, keyEncipherment, dataEncipherment
# The ns* entries are legacy Netscape certificate extensions.
nsCertType  = server
nsBaseUrl  = https://www.kic-software.de/
# NOTE(review): the policy URL uses plain http while nsBaseUrl uses https.
nsCaPolicyUrl  = http://www.kic-software.de/Zertifizierung/index.html
# Relative URLs; presumably meant to be resolved against nsBaseUrl.
nsRevocationUrl  = Zertifizierung/cert.asp?action=certrevocation&SN=
nsCaRevocationUrl = Zertifizierung/cert.asp?action=certcarevocation&SN=
nsRenewalUrl  = Zertifizierung/cert.asp?action=certrenewal&SN=

Error:
Loading 'screen' into random state - done
1024 semi-random bytes loaded
Generating RSA private key, 2048 bit long modulus
............................................................................
....
.....................+++
........................................+++
e is 65537 (0x10001)
Loading 'screen' into random state - done
problems making Certificate Request
8536:error:0D0BA041:asn1 encoding routines:ASN1_STRING_set:malloc
failure:.\cryp
to\asn1\asn1_lib.c:381:
8536:error:0B08A041:x509 certificate
routines:X509_ATTRIBUTE_set1_data:malloc fa
ilure:.\crypto\x509\x509_att.c:317:
