> From: owner-openssl-us...@openssl.org On Behalf Of Rodney Simioni
> Sent: Wednesday, 19 June, 2013 10:15

> Comments inline.
>
> From: owner-openssl-us...@openssl.org On Behalf Of Dave Thompson
> Sent: Tuesday, June 18, 2013 10:29 PM
>
> >Here's the command that I used to create the CA.
<snip>
> >Here's the command that created the certificates.
> >openssl req -newkey rsa:1024 -nodes -sha1 \
> >  -keyout cert.key -keyform PEM -out cert.req -outform PEM
> >Here's the command that signed the certificate.
> >OPENSSL_CONF=ca.cnf openssl ca -batch -notext -in cert.req -out cert.pem
>
> Nit: that created a Certificate Signing Request aka CSR, and
> then created and signed a cert from the CSR. A CSR is NOT
> a cert, or even a cert-TBS (cert_info), although it is related.
> [[Rod's comment]] Oh, I thought that created the actual CA
> file, my bad. So, what should I do?
>
It does create a *certificate*, under your own private CA.
If that's what you want (from later posts apparently not),
what you did is right, you just described it wrong.
That's why I said "Nit".

<snip>
> What actually is, or is in, /etc/openldap/cacerts ?
> [[Rod's comment]] The contents of the directory is the ca.pem
> file I created above, I copied it over there from the
> directory where I created the file.
>
> Is it a directory and is ca.pem a file you put there?
> [[Rod's comment]] As I said above, it's a file.
>
> openssl will ignore 'extra' files in a CApath, but maybe
> openldap doesn't. If so, the error message is slightly off;
> the hashname openssl wants is a hash of the *subject* plus a
> numeric suffix, not a hash of the cert. But that could just
> be a typo.
> If that file belongs there try naming it with the value from
> commandline x509 -subject_hash (or -hash) followed by dot zero.
> [[Rod's comment]] Could you kindly post the actual command here?
>
openssl x509 -in <name_of_cert_file> -hash
-> displays an 8-hex-char value e.g. 1234abcd .
For that value name your file 1234abcd.0 .
On Unix you normally use cp or mv or ln -s .

<snip>
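
The naming step described at the end of this message, as an added shell example that is not part of the original post or of OpenSSL itself. The helper names `capath_name` and `install_ca` are hypothetical; the example goes slightly beyond the "dot zero" case by picking the next free numeric suffix when a different certificate already occupies the same subject hash.

```shell
#!/bin/sh
# Added example: place a CA certificate in an OpenSSL CApath directory
# under the <subject_hash>.<n> name that the directory lookup expects.

# Print the link name to use for HASH in DIR. If an existing HASH.n has
# the same content as CERT, reuse that name (already installed);
# otherwise return the first free HASH.n. The suffix n separates
# different certificates whose subject hashes collide.
capath_name() {
    dir=$1 hash=$2 cert=$3 n=0
    while [ -e "$dir/$hash.$n" ] || [ -L "$dir/$hash.$n" ]; do
        if cmp -s "$dir/$hash.$n" "$cert"; then
            break                       # same certificate already present
        fi
        n=$((n + 1))
    done
    printf '%s.%s\n' "$hash" "$n"
}

# Compute the subject hash with the x509 command from the thread and
# symlink CERT into DIR under the resulting name. Prints the link path.
install_ca() {
    cert=$1 dir=$2
    hash=$(openssl x509 -in "$cert" -noout -subject_hash) || return 1
    name=$(capath_name "$dir" "$hash" "$cert")
    if [ ! -e "$dir/$name" ]; then
        # Link to an absolute path so the link resolves from inside DIR.
        abs="$(cd "$(dirname "$cert")" && pwd)/$(basename "$cert")"
        ln -s "$abs" "$dir/$name"
    fi
    printf '%s\n' "$dir/$name"
}

# Usage: sh thisfile.sh <cert.pem> <capath_dir>
if [ "$#" -eq 2 ]; then install_ca "$1" "$2"; fi
```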