LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking > Linux - Wireless Networking
User Name
Password
Linux - Wireless Networking This forum is for the discussion of wireless networking in Linux.

Notices

Reply
 
LinkBack Search this Thread
Old 04-21-2008, 10:13 AM   #1
saman
Member
 
Registered: Oct 2007
Posts: 49

Rep: Reputation: 13
Generate CA help


Hi

I need help to generate certificate or EAP/TLS authentication.
Here I got error when I run the command #./CA.all

+ SSL=/usr/local/ssl
+ export PATH=/usr/local/ssl/bin/:/usr/local/ssl/ssl/misc:/usr/kerberos/sbin:/us r/kerberos/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/home/saman/bin
+ PATH=/usr/local/ssl/bin/:/usr/local/ssl/ssl/misc:/usr/kerberos/sbin:/usr/kerbe ros/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/home/saman/bin
+ export LD_LIBRARY_PATH=/usr/local/ssl/lib
+ LD_LIBRARY_PATH=/usr/local/ssl/lib
+ rm -rf demoCA 'roo*' 'cert*' newreq.pem '*.der'
+ echo -e ''

+ echo -e '\t\t##################'
##################
+ echo -e '\t\tcreate private key'
create private key
+ echo -e '\t\tname : name-root'
name : name-root
+ echo -e '\t\tCA.pl -newcert'
CA.pl -newcert
+ echo -e '\t\t##################\n'
##################

+ openssl req -new -x509 -keyout newreq.pem -out newreq.pem -days 730 -passin pa ss:whatever -passout pass:whatever
Generating a 1024 bit RSA private key
.........++++++
...++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:.
State or Province Name (full name) []:.
Locality Name (eg, city) []:.
Organization Name (eg, company) []:.
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) []:.
emailAddress []:.
+ echo -e ''

+ echo -e '\t\t##################'
##################
+ echo -e '\t\tcreate CA'
create CA
+ echo -e '\t\tuse just created '\''newreq.pem'\'' private key as filename'
use just created 'newreq.pem' private key as filename
+ echo -e '\t\tCA.pl -newca'
CA.pl -newca
+ echo -e '\t\t##################\n'
##################

+ echo newreq.pem
+ /usr/local/ssl/misc/CA.pl -newca
./CA.all: line 32: /usr/local/ssl/misc/CA.pl: No such file or directory
+ echo -e ''

+ echo -e '\t\t##################'
##################
+ echo -e '\t\texporting ROOT CA'
exporting ROOT CA
+ echo -e '\t\tCA.pl -newreq'
CA.pl -newreq
+ echo -e '\t\tCA.pl -signreq'
CA.pl -signreq
+ echo -e '\t\topenssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -o ut root.pem'
openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem - out root.pem
+ echo -e '\t\topenssl pkcs12 -in root.cer -out root.pem'
openssl pkcs12 -in root.cer -out root.pem
+ echo -e '\t\t##################\n'
##################

+ openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.p12 - cacerts -passin pass:whatever -passout pass:whatever
Error opening input file demoCA/cacert.pem
demoCA/cacert.pem: No such file or directory
+ openssl pkcs12 -in root.p12 -out root.pem -passin pass:whatever -passout pass: whatever
Error opening input file root.p12
root.p12: No such file or directory
+ openssl x509 -inform PEM -outform DER -in root.pem -out root.der
Error opening Certificate root.pem
4375:error:02001002:system library:fopen:No such file or directory:bss_file.c:25 9:fopen('root.pem','r')
4375:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load certificate
+ echo -e ''

+ echo -e '\t\t##################'
##################
+ echo -e '\t\tcreating client certificate'
creating client certificate
+ echo -e '\t\tname : name-clt'
name : name-clt
+ echo -e '\t\tclient certificate stored as cert-clt.pem'
client certificate stored as cert-clt.pem
+ echo -e '\t\tCA.pl -newreq'
CA.pl -newreq
+ echo -e '\t\tCA.pl -signreq'
CA.pl -signreq
+ echo -e '\t\t##################\n'
##################

+ openssl req -new -keyout newreq.pem -out newreq.pem -days 730 -passin pass:wha tever -passout pass:whatever
Generating a 1024 bit RSA private key
................++++++
................................................................................ ............................................................++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:.
State or Province Name (full name) []:.
Locality Name (eg, city) []:.
Organization Name (eg, company) []:.
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) []:.
emailAddress []:.

Please enter the following 'extra' attributes
to be sent with your certificate request

+ openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpclient_ext -extfile xpextensions -infiles newreq.pem
Using configuration from /usr/share/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
4377:error:02001002:system library:fopen:No such file or directory:bss_file.c:25 9:fopen('./demoCA/private/cakey.pem','r')
4377:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load CA private key
+ openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-clt.p12 -cl certs -passin pass:whatever -passout pass:whatever
Error opening input file newcert.pem
newcert.pem: No such file or directory
+ openssl pkcs12 -in cert-clt.p12 -out cert-clt.pem -passin pass:whatever -passo ut pass:whatever
Error opening input file cert-clt.p12
cert-clt.p12: No such file or directory
+ openssl x509 -inform PEM -outform DER -in cert-clt.pem -out cert-clt.der
Error opening Certificate cert-clt.pem
4380:error:02001002:system library:fopen:No such file or directory:bss_file.c:25 9:fopen('cert-clt.pem','r')
4380:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load certificate
+ echo -e ''

+ echo -e '\t\t##################'
##################
+ echo -e '\t\tcreating server certificate'
creating server certificate
+ echo -e '\t\tname : name-srv'
name : name-srv
+ echo -e '\t\tserver certificate stored as cert-srv.pem'
server certificate stored as cert-srv.pem
+ echo -e '\t\tCA.pl -newreq'
CA.pl -newreq
+ echo -e '\t\tCA.pl -signreq'
CA.pl -signreq
+ echo -e '\t\t##################\n'
##################

+ openssl req -new -keyout newreq.pem -out newreq.pem -days 730 -passin pass:wha tever -passout pass:whatever
Generating a 1024 bit RSA private key
....................................++++++
......................++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:.
State or Province Name (full name) []:.
Locality Name (eg, city) []:.
Organization Name (eg, company) []:.
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) []:.
emailAddress []:.

Please enter the following 'extra' attributes
to be sent with your certificate request

+ openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpserver_ext -extfile xpextensions -infiles newreq.pem
Using configuration from /usr/share/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
4382:error:02001002:system library:fopen:No such file or directory:bss_file.c:25 9:fopen('./demoCA/private/cakey.pem','r')
4382:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load CA private key
+ openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-srv.p12 -cl certs -passin pass:whatever -passout pass:whatever
Error opening input file newcert.pem
newcert.pem: No such file or directory
+ openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem -passin pass:whatever -passo ut pass:whatever
Error opening input file cert-srv.p12
cert-srv.p12: No such file or directory
+ openssl x509 -inform PEM -outform DER -in cert-srv.pem -out cert-srv.der
Error opening Certificate cert-srv.pem
4385:error:02001002:system library:fopen:No such file or directory:bss_file.c:25 9:fopen('cert-srv.pem','r')
4385:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load certificate
+ echo -e '\n\t\t##################\n'

##################

all the file are in
/usr/share/doc/radiusd/raddb/certs/demoCA
/usr/src/freeradius/freeradius-1.1.7/raddb/certs/demoCA
/usr/src/freeradius/freeradius-1.1.7/raddb/certs/demoCA/index.txt
/usr/src/freeradius/freeradius-1.1.7/raddb/certs/demoCA/index.txt.old
/usr/src/freeradius/freeradius-1.1.7/raddb/certs/demoCA/serial
/usr/src/freeradius/freeradius-1.1.7/raddb/certs/demoCA/serial.old
/usr/src/freeradius/freeradius-1.1.7/raddb/certs/demoCA/cacert.pem
/usr/src/freeradius/freeradius-1.1.7/raddb/certs/demoCA
/etc/raddb/certs/demoCA

Where did I get wrong?
Should I add in the PATH=/usr/share/freeradius/freeradius-1.1.7/raddb/certs

Help appreciated!
 
Old 04-22-2008, 05:25 AM   #2
saman
Member
 
Registered: Oct 2007
Posts: 49

Original Poster
Rep: Reputation: 13
[root@marsindo scripts]# ./Ca.certs
bash: ./Ca.certs: No such file or directory
[root@marsindo scripts]# ./CA.certs

##################
create private key
name : name-root
CA.pl -newcert
##################

Generating a 1024 bit RSA private key
..................................++++++
...++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:State or Province Name (full name) []:Locality Name (eg, city) []:Organization Name (eg, company) []:Organizational Unit Name (eg, section) []:Common Name (eg, your name or your server's hostname) []:[]:
##################
create CA
use just created 'newreq.pem' private key as filename
CA.pl -newca
##################

./CA.certs: line 85: CA.pl: command not found
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
generate certificate Ameii83 Linux - Newbie 2 06-11-2006 11:51 PM
how to generate connections dudulz Linux - General 0 03-02-2006 12:54 AM
how to generate .so abd_bela Programming 1 01-31-2006 04:12 AM
/etc/profile (how to generate) JesseMor Linux - General 5 01-26-2006 06:28 PM
how often to the searches generate? microsoft/linux LQ Suggestions & Feedback 1 01-13-2006 04:46 PM


All times are GMT -5. The time now is 05:34 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration