I'm having problems creating SSL Certs for Postfix and Apache.
I'm following these instructions from
http://www.gentoo.org/doc/en/virt-mail-howto.xml
Code:
# cd /etc/ssl/
# nano -w openssl.cnf
// Change the following default values for your domain:
countryName_default
stateOrProvinceName_default
localityName_default
0.organizationName_default
commonName_default
emailAddress_default.
// If the variables are not already present, just add them in a sensible place.
# cd misc
# nano -w CA.pl
// We need to add -nodes to the # create a certificate and
// #create a certificate request code in order to let our new ssl
// certs be loaded without a password. Otherwise when you
// reboot your ssl certs will not be available.
# create a certificate
system ("$REQ -new -nodes -x509 -keyout newreq.pem -out newreq.pem $DAYS");
# create a certificate request
system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
# ./CA.pl -newca
# ./CA.pl -newreq
# ./CA.pl -sign
# cp newcert.pem /etc/postfix
# cp newreq.pem /etc/postfix
# cp demoCA/cacert.pem /etc/postfix
// Now we do the same thing for apache
# openssl req -new > new.cert.csr
# openssl rsa -in privkey.pem -out new.cert.key
# openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365
// Just leave the resulting certificates here for now.
// We'll install them after Apache is installed.
Every thing seems to work until I get too ./CA.pl -sign
when I run it I get
Code:
Using configuration from /etc/ssl/openssl.cnf
unable to load CA private key
10072:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_default name=unique_subject
10072:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:637:Expecting: ANY PRIVATE KEY
Signed certificate is in newcert.pem
I'm not sure why I'm having this problem. I've redone all the steps fromt he documentation multiple times trying to figure it out ... Any help is appreciated.