LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (http://www.linuxquestions.org/questions/linux-software-2/)
-   -   SSL errors, while trying to add a certificate (http://www.linuxquestions.org/questions/linux-software-2/ssl-errors-while-trying-to-add-a-certificate-942690/)

WoAnerges 05-01-2012 05:15 AM

SSL errors, while trying to add a certificate
 
So, I am following this guide, but when I try to execute this command
Code:

http://dev.antoinesolutions.com/openssl/certificate-authority
, I am getting these errors in response
Code:

# openssl req -config openssl.cnf -new -x509 -extensions v3_ca -keyout private/ca.key -out certs/ca.crt -days 3650
error on line -1 of openssl.cnf
140076597720904:error:02001002:system library:fopen:No such file or directory:bss_file.c:126:fopen('openssl.cnf','rb')
140076597720904:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:129:
140076597720904:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:


acid_kewpie 05-01-2012 05:23 AM

error pretty clearly states that there is no openssl.cnf file.

WoAnerges 05-01-2012 05:25 AM

I get it, but this error appears, when I am trying to create a certificate file.

acid_kewpie 05-01-2012 05:37 AM

right. but if the file doesn't exist, and you're telling it to use the file it's going to error, however much you don't want it to.

WoAnerges 05-01-2012 05:39 AM

So, you're saying, that guide might be missing steps?
Do I have to create these files manually? Just empty files, right?
Where should these files be created?

acid_kewpie 05-01-2012 05:42 AM

it's not missing anything, it's just presuming you have a config file you wish to use, which seems reasonable to me. if you don't have one specifically updated, the default one will probably suit you fine, just answer more default questions. remove "-config openssl.cnf" and try again. the default is /etc/pki/tls/openssl.cnf usually

WoAnerges 05-01-2012 05:45 AM

acid_kewpie,

I did it, I have deleted the -config openssl.cnf from the command, but there is another error, that is popping up.

Quote:

# openssl req -new -x509 -extensions v3_ca -keyout private/ca.key -out certs/ca.crt -days 3650
Generating a 2048 bit RSA private key
....................+++
.............................................................+++
writing new private key to 'private/ca.key'
private/ca.key: No such file or directory
140268652070728:error:02001002:system library:fopen:No such file or directory:bss_file.c:355:fopen('private/ca.key','w')
140268652070728:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:357:

acid_kewpie 05-01-2012 05:50 AM

thought about using a better guide?

that says there is no "private" directory.

WoAnerges 05-01-2012 05:52 AM

I just checked, there is a dir "private" at /etc/pki/CA/private

Do you know any nice guide, that could help me out with installing SSL\SHTP?

acid_kewpie 05-01-2012 06:05 AM

yes, that's where the directory should be, and you should already be in that directory... are you? and you're doing all this as root, right?

WoAnerges 05-01-2012 06:07 AM

acid_kewpie,

yes, I am doing it inside the private dir.


Quote:

[root@mycomputer private]# openssl req -new -x509 -extensions v3_ca -keyout private/ca.key -out certs/ca.crt -days 3650
Generating a 2048 bit RSA private key
.........................+++
......+++
writing new private key to 'private/ca.key'
private/ca.key: No such file or directory
140315191191368:error:02001002:system library:fopen:No such file or directory:bss_file.c:355:fopen('private/ca.key','w')
140315191191368:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:357:

Quote:

[root@mycomputer private]# service httpd start
Starting httpd: Syntax error on line 25 of /etc/httpd/conf.d/mycomputer.com.conf:
SSLCertificateFile: file '/etc/pki/CA/certs/mycomputer.com.crt' does not exist or is empty
[FAILED]

acid_kewpie 05-01-2012 06:09 AM

no, not there, as per the doc you linked, /etc/pki/CA

WoAnerges 05-01-2012 06:11 AM

ok, so I did cd .. and it look like, it worked, because it asks me for a passphrase.

WoAnerges 05-01-2012 06:17 AM

But, when I try to start httpd service, I still get this error


Quote:

# service httpd start
Starting httpd: Syntax error on line 25 of /etc/httpd/conf.d/mycomputer.com.conf:
SSLCertificateFile: file '/etc/pki/CA/certs/mycomputer.com.crt' does not exist or is empty

acid_kewpie 05-01-2012 06:20 AM

OK, you really need to start actually READING the errors, not just posting them... does it exist? is it empty?


All times are GMT -5. The time now is 10:09 PM.