LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 10-22-2004, 11:16 AM   #1
paintcheck200
Member
 
Registered: Sep 2003
Location: Michigan
Distribution: Gentoo, Knoppix
Posts: 69

Rep: Reputation: 15
SSL Cert Generation Problem


I'm having problems creating SSL Certs for Postfix and Apache.

I'm following these instructions from http://www.gentoo.org/doc/en/virt-mail-howto.xml

Code:
# cd /etc/ssl/
# nano -w openssl.cnf

// Change the following default values for your domain:
countryName_default
stateOrProvinceName_default
localityName_default
0.organizationName_default
commonName_default
emailAddress_default.

// If the variables are not already present, just add them in a sensible place.


# cd misc
# nano -w CA.pl
// We need to add -nodes to the # create a certificate and
// #create a certificate request code in order to let our new ssl
// certs be loaded without a password. Otherwise when you
// reboot your ssl certs will not be available.

# create a certificate
system ("$REQ -new -nodes -x509 -keyout newreq.pem -out newreq.pem $DAYS");

# create a certificate request
system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
		
# ./CA.pl -newca
# ./CA.pl -newreq
# ./CA.pl -sign
# cp newcert.pem /etc/postfix
# cp newreq.pem /etc/postfix
# cp demoCA/cacert.pem /etc/postfix
// Now we do the same thing for apache

# openssl req -new > new.cert.csr
# openssl rsa -in privkey.pem -out new.cert.key
# openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365
// Just leave the resulting certificates here for now.
// We'll install them after Apache is installed.
Every thing seems to work until I get too ./CA.pl -sign

when I run it I get

Code:
Using configuration from /etc/ssl/openssl.cnf
unable to load CA private key
10072:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_default name=unique_subject
10072:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:637:Expecting: ANY PRIVATE KEY
Signed certificate is in newcert.pem
I'm not sure why I'm having this problem. I've redone all the steps fromt he documentation multiple times trying to figure it out ... Any help is appreciated.

 
Old 07-06-2009, 03:59 PM   #2
Jason_Bassett
LQ Newbie
 
Registered: Oct 2005
Location: Thurrock, Essex, England
Distribution: Gentoo
Posts: 12

Rep: Reputation: 0
Same issue...

Hello

Did you manage to sort out your issue? If so can you let me know how please, I have the same problem.

Thankyou

Jason

Last edited by Jason_Bassett; 08-19-2010 at 09:00 AM.
 
Old 07-06-2009, 04:12 PM   #3
paintcheck200
Member
 
Registered: Sep 2003
Location: Michigan
Distribution: Gentoo, Knoppix
Posts: 69

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by Jason_Bassett View Post

Did you manage to sort out your issue?
I believe so, but it was so long ago, I don't remember. Sorry I didn't update the thread at the time.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
vsftp SSL cert errors dharm Linux - Security 3 05-22-2006 09:25 PM
installing ssl cert kwickcut Mandriva 4 09-25-2005 02:27 PM
SSL sign cert error Giallo998 Linux - Networking 1 04-25-2005 10:06 AM
Qmail ssl cert eltonmou Linux - Software 0 08-18-2004 07:48 AM
Webmin SSL Cert hakcenter Linux - Security 4 10-22-2003 05:21 PM


All times are GMT -5. The time now is 04:03 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration