Looks like CA.sh doesn't create the crlnumber file in demoCA, and openssl ca crl complains about it. With CA.pl these steps worked.

mkdir RootCA
cp ../openssl-1.0.1h/apps/CA.pl .
chmod +x CA.pl
./CA.pl -newca   (Just Enter, will create RootCA)
./CA.pl -newreq
./CA.pl -signCA
cat demoCA/cacert.pem >> newcert.pem
cat newkey.pem >> newcert.pem
mkdir LEVEL1
cp newcert.pem LEVEL1/
cp CA.pl LEVEL1/
cd LEVEL1/
./CA.pl -newca   (Enter newcert.pem on prompt, will create directory structure for LEVEL1 CA).
openssl ca -gencrl -crldays 60 -keyfile demoCA/private/cakey.pem -out crl01.pem
openssl crl -in crl01.pem -text   (Here config file is taken from default location).

On Tue, Aug 12, 2014 at 4:45 PM, Jayadev Kumar <jayadev.ku...@gmail.com> wrote:

> ./CA.sh -newca (Script on a fresh directory creates demoCA directory
> with RootCA and Privatekey)
> ./CA.sh -newreq (creates a new cert request, with newcert.pem and
> newkey.pem)
> ./CA.sh -signCA (Sign the new req as CA, with RootCA).
>
> You can find the CA.sh in 'openssl-1.0.1h/apps' directory.
>
> -Jayadev.
>
>
> On Tue, Aug 12, 2014 at 2:55 PM, lux-integ <lux-in...@btconnect.com>
> wrote:
>
>> Greetings
>>
>>
>> I am trying to learn how to set up a small multilevel CA. I'm using the
>> openssl-1.0.1h. And the computer runs linux. I did the following:
>>
>>
>> --A- generate rootCA
>> openssl req \
>> -new \
>> -config openssl.cnf_ \
>> -out ROOTCAReq.pem \
>> -keyout ROOTCAKey.pem \
>>
>>
>> -B- generated a crl for rootCA with
>> openssl ca \
>> -gencrl \
>> -config openssl.cnf \
>> -out crl/crl01.pem \
>>
>>
>> -C- setup LEVEL1 CA with
>>
>> openssl req \
>> -new \
>> -config openssl.cnf \
>> -out level1/LEVELCAReq.pem \
>> -keyout level1/private/LEVEL1CAKey.pem \
>>
>> (then sign it with the ROOTCAkey.)
>>
>>
>> --D- created a certificate trust chain with
>>
>> cat ROOTCACert.pem level1/LEVEL1CACert.pem >\
>> TrustChainCACert.pem
>>
>>
>> --E-- tried to generate crl for LEVEL1 CA with
>>
>> openssl ca \
>> -gencrl \
>> -crldays 60 \
>> -config openssl.cnf \
>> -keyfile LEVEL1CAKey.pem \
>> -out level1/crl/crl01.pem \
>>
>>
>> but I keep getting the following errors:-
>> ################
>> Using configuration from openssl.cnf
>> Error opening CA private key level1/private/LEVEL1CAKey.pem
>> 139899027933056:error:02001002:system library:fopen:No such file or
>> directory:bss_file.c:398:fopen('level1/private/LEVEL1CAKey.pem','r')
>> 139899027933056:error:20074002:BIO routines:FILE_CTRL:system
>> lib:bss_file.c:400:
>> unable to load CA private key
>> ##############
>>
>> help would be appreciated
>>
>>
>> sincerely
>> luxInteg
>> ______________________________________________________________________
>> OpenSSL Project http://www.openssl.org
>> User Support Mailing List openssl-users@openssl.org
>> Automated List Manager majord...@openssl.org
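
Both failures in this thread (the missing crlnumber file and the fopen error on the CA private key) involve files that `openssl ca -gencrl` opens relative to the directory it is run from. The preflight check below is an added example, not part of any message in the thread and not OpenSSL code; the function names `cnf_get` and `crl_preflight` are hypothetical, and it assumes the stock openssl.cnf layout (`[ ca ]` with `default_ca` naming a section that sets `dir`, `database`, `crlnumber` and `private_key`) and expands only a leading `$dir/`.

```shell
#!/bin/sh
# Added example (not from the thread): preflight for `openssl ca -gencrl`.

# cnf_get FILE SECTION KEY: print KEY's value from [ SECTION ], comments stripped.
cnf_get() {
    awk -v sec="$2" -v key="$3" '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^\[.*\]$/ { s = $0; gsub(/^\[[ \t]*|[ \t]*\]$/, "", s)
                     insec = (s == sec); next }
        insec { i = index($0, "="); if (!i) next
                k = substr($0, 1, i - 1); v = substr($0, i + 1)
                gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
                if (k == key) { print v; exit } }' "$1"
}

# crl_preflight CONFIG [KEYFILE]: print one line per problem and return the
# number of problems. KEYFILE plays the role of -keyfile and overrides private_key.
crl_preflight() {
    cnf=$1 keyfile=${2:-} problems=0
    sec=$(cnf_get "$cnf" ca default_ca)
    dir=$(cnf_get "$cnf" "$sec" dir)
    for key in database crlnumber private_key; do
        path=$(cnf_get "$cnf" "$sec" "$key")
        # Expand a leading $dir/ the way the stock config uses it.
        case $path in \$dir/*) path=$dir/${path#\$dir/} ;; esac
        if [ "$key" = private_key ] && [ -n "$keyfile" ]; then path=$keyfile; fi
        [ -z "$path" ] && continue          # key not set in the config: skip
        if [ ! -f "$path" ]; then
            # Relative paths are resolved against the current directory.
            echo "missing $key: $path (looked up from $(pwd))"
            problems=$((problems + 1))
        elif [ "$key" = crlnumber ] &&
             ! head -n 1 "$path" | grep -Eq '^[0-9A-Fa-f]+$'; then
            echo "crlnumber does not hold a hex number: $path"
            problems=$((problems + 1))
        elif [ "$key" = private_key ] &&
             [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            echo "private key is accessible to group/other: $path"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

Run it from the directory in which `openssl ca` will be invoked, for example `crl_preflight openssl.cnf level1/private/LEVEL1CAKey.pem`.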