LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 05-01-2012, 04:15 AM   #1
WoAnerges
Member
 
Registered: Apr 2012
Posts: 50

Rep: Reputation: Disabled
Question SSL errors, while trying to add a certificate


So, I am following this guide, but when I try to execute this command
Code:
http://dev.antoinesolutions.com/openssl/certificate-authority
, I am getting these errors in response
Code:
# openssl req -config openssl.cnf -new -x509 -extensions v3_ca -keyout private/ca.key -out certs/ca.crt -days 3650
error on line -1 of openssl.cnf
140076597720904:error:02001002:system library:fopen:No such file or directory:bss_file.c:126:fopen('openssl.cnf','rb')
140076597720904:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:129:
140076597720904:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:
 
Old 05-01-2012, 04:23 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966
error pretty clearly states that there is no openssl.cnf file.
 
Old 05-01-2012, 04:25 AM   #3
WoAnerges
Member
 
Registered: Apr 2012
Posts: 50

Original Poster
Rep: Reputation: Disabled
I get it, but this error appears, when I am trying to create a certificate file.
 
Old 05-01-2012, 04:37 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966
right. but if the file doesn't exist, and you're telling it to use the file it's going to error, however much you don't want it to.
 
Old 05-01-2012, 04:39 AM   #5
WoAnerges
Member
 
Registered: Apr 2012
Posts: 50

Original Poster
Rep: Reputation: Disabled
So, you're saying, that guide might be missing steps?
Do I have to create these files manually? Just empty files, right?
Where should these files be created?

Last edited by WoAnerges; 05-01-2012 at 04:42 AM.
 
Old 05-01-2012, 04:42 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966
it's not missing anything, it's just presuming you have a config file you wish to use, which seems reasonable to me. if you don't have one specifically updated, the default one will probably suit you fine, just answer more default questions. remove "-config openssl.cnf" and try again. the default is /etc/pki/tls/openssl.cnf usually
 
1 members found this post helpful.
Old 05-01-2012, 04:45 AM   #7
WoAnerges
Member
 
Registered: Apr 2012
Posts: 50

Original Poster
Rep: Reputation: Disabled
acid_kewpie,

I did it, I have deleted the -config openssl.cnf from the command, but there is another error, that is popping up.

Quote:
# openssl req -new -x509 -extensions v3_ca -keyout private/ca.key -out certs/ca.crt -days 3650
Generating a 2048 bit RSA private key
....................+++
.............................................................+++
writing new private key to 'private/ca.key'
private/ca.key: No such file or directory
140268652070728:error:02001002:system library:fopen:No such file or directory:bss_file.c:355:fopen('private/ca.key','w')
140268652070728:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:357:
 
Old 05-01-2012, 04:50 AM   #8
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966
thought about using a better guide?

that says there is no "private" directory.
 
1 members found this post helpful.
Old 05-01-2012, 04:52 AM   #9
WoAnerges
Member
 
Registered: Apr 2012
Posts: 50

Original Poster
Rep: Reputation: Disabled
I just checked, there is a dir "private" at /etc/pki/CA/private

Do you know any nice guide, that could help me out with installing SSL\SHTP?

Last edited by WoAnerges; 05-01-2012 at 04:53 AM.
 
Old 05-01-2012, 05:05 AM   #10
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966
yes, that's where the directory should be, and you should already be in that directory... are you? and you're doing all this as root, right?
 
1 members found this post helpful.
Old 05-01-2012, 05:07 AM   #11
WoAnerges
Member
 
Registered: Apr 2012
Posts: 50

Original Poster
Rep: Reputation: Disabled
acid_kewpie,

yes, I am doing it inside the private dir.


Quote:
[root@mycomputer private]# openssl req -new -x509 -extensions v3_ca -keyout private/ca.key -out certs/ca.crt -days 3650
Generating a 2048 bit RSA private key
.........................+++
......+++
writing new private key to 'private/ca.key'
private/ca.key: No such file or directory
140315191191368:error:02001002:system library:fopen:No such file or directory:bss_file.c:355:fopen('private/ca.key','w')
140315191191368:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:357:

Quote:
[root@mycomputer private]# service httpd start
Starting httpd: Syntax error on line 25 of /etc/httpd/conf.d/mycomputer.com.conf:
SSLCertificateFile: file '/etc/pki/CA/certs/mycomputer.com.crt' does not exist or is empty
[FAILED]

Last edited by WoAnerges; 05-01-2012 at 05:09 AM.
 
Old 05-01-2012, 05:09 AM   #12
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966
no, not there, as per the doc you linked, /etc/pki/CA
 
1 members found this post helpful.
Old 05-01-2012, 05:11 AM   #13
WoAnerges
Member
 
Registered: Apr 2012
Posts: 50

Original Poster
Rep: Reputation: Disabled
ok, so I did cd .. and it look like, it worked, because it asks me for a passphrase.

Last edited by WoAnerges; 05-01-2012 at 05:17 AM.
 
Old 05-01-2012, 05:17 AM   #14
WoAnerges
Member
 
Registered: Apr 2012
Posts: 50

Original Poster
Rep: Reputation: Disabled
But, when I try to start httpd service, I still get this error


Quote:
# service httpd start
Starting httpd: Syntax error on line 25 of /etc/httpd/conf.d/mycomputer.com.conf:
SSLCertificateFile: file '/etc/pki/CA/certs/mycomputer.com.crt' does not exist or is empty
 
Old 05-01-2012, 05:20 AM   #15
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966
OK, you really need to start actually READING the errors, not just posting them... does it exist? is it empty?
 
  


Reply

Tags
certificate, error, ssl


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ssl certificate help Norse Linux - Security 4 07-01-2011 07:11 AM
How to import/use CAcert SSL root certificate to use SSL with Xchat IRC client? GrapefruiTgirl Linux - Software 9 04-05-2011 09:54 AM
Apache with SSL does not load the 2nd SSL certificate janstapel Linux - Newbie 1 06-17-2010 09:32 PM
ssl certificate nagavinodh Linux - Newbie 1 11-05-2009 07:43 AM
SSL Certificate The_JinJ Linux - General 1 03-21-2005 11:46 PM


All times are GMT -5. The time now is 03:01 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration