  ./CA.sh -newca   (Script on a fresh directory creates demoCA directory with RootCA and private key)
  ./CA.sh -newreq  (creates a new cert request, with newcert.pem and newkey.pem)
  ./CA.sh -signCA  (Sign the new req as CA, with RootCA).

You can find CA.sh in the 'openssl-1.0.1h/apps' directory.

-Jayadev.


On Tue, Aug 12, 2014 at 2:55 PM, lux-integ <lux-in...@btconnect.com> wrote:

> Greetings
>
>
> I am trying to learn how to set up a small multilevel CA.  I'm using
> openssl-1.0.1h, and the computer runs Linux. I did the following:
>
>
> --A- generate rootCA
> openssl req \
> -new \
> -config openssl.cnf_ \
> -out    ROOTCAReq.pem \
> -keyout ROOTCAKey.pem \
>
>
> -B- generated a crl for rootCA with
> openssl ca \
> -gencrl   \
> -config openssl.cnf \
> -out     crl/crl01.pem \
>
>
>
>
> -C-  setup LEVEL1 CA with
>
> openssl req \
> -new      \
> -config  openssl.cnf \
> -out      level1/LEVELCAReq.pem \
> -keyout   level1/private/LEVEL1CAKey.pem \
>
> ( then sign it with the  ROOTCAkey. )
>
>
> --D- created a certificate trust chain with
>
> cat  ROOTCACert.pem  level1/LEVEL1CACert.pem >\
> TrustChainCACert.pem
>
>
> --E-- tried to generate crl for LEVEL1 CA with
>
> openssl ca \
> -gencrl  \
> -crldays 60 \
> -config  openssl.cnf \
> -keyfile  LEVEL1CAKey.pem \
> -out     level1/crl/crl01.pem \
>
>
>   but I keep getting the following errors:-
> ################
> Using configuration from openssl.cnf
> Error opening CA private key level1/private/LEVEL1CAKey.pem
> 139899027933056:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:398:fopen('level1/private/LEVEL1CAKey.pem','r')
> 139899027933056:error:20074002:BIO routines:FILE_CTRL:system
> lib:bss_file.c:400:
> unable to load CA private key
> ##############
>
> help would be appreciated
>
>
> sincerely
> luxInteg
>
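The manual sequence from the thread (root CA, a level-1 CA signed by it, a combined chain file, then a CRL issued by the level-1 CA), written out as an added example that is not part of either post and is not OpenSSL project code. The directory layout, file names, subject names and the helpers `mkconf`, `build_ca` and `check_crl` are assumptions made for the illustration; each CA gets its own config so that `openssl ca` locates that CA's key and certificate through its `private_key` and `certificate` settings.

```shell
# Added example; layout, file names and subject names are constructed for illustration.
mkconf() {  # $1 = CA directory; writes a minimal config usable by `req` and `ca`
  mkdir -p "$1/private" "$1/crl" "$1/newcerts"
  : > "$1/index.txt"; echo 01 > "$1/serial"; echo 01 > "$1/crlnumber"
  cat > "$1/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $1
database = \$dir/index.txt
new_certs_dir = \$dir/newcerts
serial = \$dir/serial
crlnumber = \$dir/crlnumber
certificate = \$dir/cacert.pem
private_key = \$dir/private/cakey.pem
default_md = sha256
default_days = 365
policy = policy_any
[ policy_any ]
commonName = supplied
[ v3_ca ]
basicConstraints = critical,CA:true
keyUsage = critical,keyCertSign,cRLSign
EOF
}
build_ca() {  # $1 = working directory
  r="$1/root"; l="$1/level1"
  mkconf "$r" && mkconf "$l" || return 1
  # Root: self-signed CA certificate (unencrypted key, acceptable only in a demo)
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 3650 -subj "/CN=Demo Root CA" \
    -config "$r/ca.cnf" -extensions v3_ca -keyout "$r/private/cakey.pem" -out "$r/cacert.pem" || return 1
  # Level1: key and request, then signed by the root CA with CA extensions
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Level1 CA" \
    -config "$l/ca.cnf" -keyout "$l/private/cakey.pem" -out "$l/careq.pem" || return 1
  openssl ca -batch -notext -config "$r/ca.cnf" -extensions v3_ca \
    -in "$l/careq.pem" -out "$l/cacert.pem" || return 1
  cat "$r/cacert.pem" "$l/cacert.pem" > "$1/chain.pem"
  # Level1 CRL: fail early if the key named in level1's config is not readable
  [ -r "$l/private/cakey.pem" ] || { echo "missing level1 CA key" >&2; return 1; }
  openssl ca -gencrl -crldays 60 -config "$l/ca.cnf" -out "$l/crl/crl01.pem"
}
check_crl() {  # succeeds only if the level1 CRL signature verifies against chain.pem
  openssl crl -in "$1/level1/crl/crl01.pem" -CAfile "$1/chain.pem" -noout 2>&1 | grep -q "verify OK"
}
build_ca "${1:-ca-demo}" && check_crl "${1:-ca-demo}" && echo "level1 CRL verifies"
```

Paths in each `ca.cnf` are relative to the directory the script is run from, so run `openssl ca` from that same directory when reusing the configs by hand.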
