LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 11-17-2003, 07:39 AM   #1
linuxturtle
Member
 
Registered: Apr 2002
Posts: 36

Rep: Reputation: 15
Trouble generating ssl certificates


I need to generate some ssl keys for a VPN package im trying to get going (OpenVPN). I have never generated keys before and it keeps failing on the third comand. This is what I am trying to do:

Code:
openssl req -nodes -new -x509 -keyout my-ca.key -out my-ca.crt -days 3650

openssl req -nodes -new -keyout office.key -out office.csr
openssl ca -out office.crt -in office.csr   <--------- this is where it fails!!!!
openssl req -nodes -new -keyout home.key -out home.csr
openssl ca -out home.crt -in home.csr


openssl dhparam -out dh1024.pem 1024
I type
Code:
openssl ca -out office.crt -in office.csr
at the console and I get the folowing error

Code:
[root@phantombox ssl]# openssl ca -out office.crt -in office.csr
Using configuration from /usr/share/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
26104:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('./demoCA/private/cakey.pem','r')
26104:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load CA private key
[root@phantombox ssl]# Error opening CA private key ./demoCA/private/cakey.pem
-bash: Error: command not found
I really could use some help. I am really stuck.
 
Old 11-18-2003, 10:18 PM   #2
DaveG
Member
 
Registered: Nov 2001
Location: London, UK
Distribution: Fedora 16
Posts: 160

Rep: Reputation: 43
Have you set up the CA keys yet?
bash# ./CA –newca
That should generate a new private key and certificate, initialise the serial number counter and certificate "database".
Files:
./demoCA/cacert.pem – the CA root certificate
./demoCA/private/cakey.pem – the CA root private key.
./demoCA/index.txt – database of certificates signed by the CA root certificate.
./demoCA/index.txt.old – backup database of certificates signed by the CA root certificate.
./demoCA/serial – contains the next serial number to use as ASCII text.
./demoCA/serial.old – backup of the next serial number to use as ASCII text.
./demoCA/newcerts – copy of all certificates signed by the CA root certificate. The file name is the certificate serial number.
./demoCA/newcerts/01.pem – copy of first certificate signed. etc.
./demoCA/crl/crl.pem – certificate revocation list.
 
Old 09-17-2004, 11:01 PM   #3
kennedy01
LQ Newbie
 
Registered: Nov 2003
Location: Georgia
Distribution: Slackware 10.1
Posts: 28

Rep: Reputation: 15
OpenVPN and SSL CA

Im having that EXACT issue. Im new to SSL and CA keys. What ever fixed this?
 
Old 09-19-2004, 09:23 AM   #4
jamrock
Member
 
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444

Rep: Reputation: 41
I used this link to set up OpenSSL with OpenLDAP.

There is a section on generating your keys, etc.

http://www.openldap.org/pub/ksoper/O...TLS_howto.html
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SSL certificates the-chains Linux - Software 0 11-15-2004 08:12 PM
Generating server certificates and acting as own CA with OpenLDAP BedriddenTech Linux - Security 1 07-03-2004 05:16 PM
ssl certificates champ Linux - Security 2 04-05-2003 10:47 AM
ssl certificates Syncrm Linux - General 7 02-26-2003 11:01 AM
Multiple SSL Certificates Per IP Address dkochan Linux - General 1 03-05-2002 02:06 PM


All times are GMT -5. The time now is 12:16 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration