Hello My friend I got problem when I want to use tls support [root@mtayd CA]# pwd /etc/pki/CA
[root@mtayd CA]# openssl genrsa -des3 -out cakey.pem Generating RSA private key, 512 bit long modulus .....++++++++++++ .......++++++++++++ e is 65537 (0x10001) Enter pass phrase for cakey.pem: Verifying - Enter pass phrase for cakey.pem: [root@mtayd CA]# openssl req -new -key cakey.pem -days 1095 -out cacert.pem Enter pass phrase for cakey.pem: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ...... [root@mtayd CA]# openssl req -new -nodes -keyout postfix_private.pem -out postfix_public.pem -days 1800 Generating a 2048 bit RSA private key ........................................+++ ...........................................................................+++ writing new private key to 'postfix_private.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ...... [root@mtayd CA]# chmod 600 cakey.pem [root@mtayd CA]# cp cakey.pem private/ [root@mtayd CA]# cp cacert.pem certs/ [root@mtayd CA]# ll total 32 -rw-r--r--. 1 root root 558 Aug 20 21:51 cacert.pem -rw-------. 1 root root 561 Aug 20 21:47 cakey.pem drwxr-xr-x. 2 root root 4096 Aug 20 22:31 certs drwxr-xr-x. 2 root root 4096 Dec 8 2011 crl drwxr-xr-x. 2 root root 4096 Dec 8 2011 newcerts -rw-r--r--. 1 root root 1708 Aug 20 22:08 postfix_private.pem -rw-r--r--. 1 root root 1094 Aug 20 22:08 postfix_public.pem drwx------. 2 root root 4096 Aug 20 22:30 private everything is worked when I use command openssl ca, It can not wor well, just like [root@mtayd CA]# openssl ca -out postfix_cert.pem -infiles postfix_public.pem Using configuration from /etc/pki/tls/openssl.cnf Enter pass phrase for /etc/pki/CA/private/cakey.pem: unable to load certificate 140691216639816:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:698:Expecting: TRUSTED CERTIFICATE So it can not creat postfix_cert.pem. How can I fix it? Can I use postfix_public.pem as the file postfix_cert.pem? Thank you for your time! Tom
