Old 11-17-2003, 07:39 AM   #1
Registered: Apr 2002
Posts: 36

Rep: Reputation: 15
Trouble generating ssl certificates

I need to generate some ssl keys for a VPN package I'm trying to get going (OpenVPN). I have never generated keys before and it keeps failing on the third command. This is what I am trying to do:

openssl req -nodes -new -x509 -keyout my-ca.key -out my-ca.crt -days 3650

openssl req -nodes -new -keyout office.key -out office.csr
openssl ca -out office.crt -in office.csr   <--------- this is where it fails!!!!
openssl req -nodes -new -keyout home.key -out home.csr
openssl ca -out home.crt -in home.csr

openssl dhparam -out dh1024.pem 1024
I type
openssl ca -out office.crt -in office.csr
at the console and I get the following error

[root@phantombox ssl]# openssl ca -out office.crt -in office.csr
Using configuration from /usr/share/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
26104:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('./demoCA/private/cakey.pem','r')
26104:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load CA private key
[root@phantombox ssl]# Error opening CA private key ./demoCA/private/cakey.pem
-bash: Error: command not found
I really could use some help. I am really stuck.
Old 11-18-2003, 10:18 PM   #2
Registered: Nov 2001
Location: London, UK
Distribution: Fedora
Posts: 161

Rep: Reputation: 43
Have you set up the CA keys yet?
bash# ./CA -newca
That should generate a new private key and certificate, initialise the serial number counter and certificate "database".
./demoCA/cacert.pem – the CA root certificate
./demoCA/private/cakey.pem – the CA root private key.
./demoCA/index.txt – database of certificates signed by the CA root certificate.
./demoCA/index.txt.old – backup database of certificates signed by the CA root certificate.
./demoCA/serial – contains the next serial number to use as ASCII text.
./demoCA/serial.old – backup of the next serial number to use as ASCII text.
./demoCA/newcerts – copy of all certificates signed by the CA root certificate. The file name is the certificate serial number.
./demoCA/newcerts/01.pem – copy of first certificate signed. etc.
./demoCA/crl/crl.pem – certificate revocation list.
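
A preflight for the layout listed in the reply above, as an added example that is not part of the original thread: it reuses the my-ca.crt and my-ca.key generated by the first command in the opening post to populate ./demoCA at the paths the error message shows the stock openssl.cnf looking for, and reports anything still missing. The function names check_ca_dir and init_ca_dir are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): build and verify the ./demoCA layout.

# Items `openssl ca` reads or writes under the CA directory, as listed in the
# reply above (crl/ is only needed once certificates are revoked).
CA_REQUIRED="cacert.pem private/cakey.pem index.txt serial newcerts"

# Print each missing item; return 0 only when the layout is complete.
check_ca_dir() {
    dir=$1; missing=0
    for item in $CA_REQUIRED; do
        if [ ! -e "$dir/$item" ]; then
            echo "missing: $dir/$item"
            missing=1
        fi
    done
    return $missing
}

# Populate the layout from an existing self-signed CA certificate and key.
# Usage: init_ca_dir <dir> <ca-cert> <ca-key>
init_ca_dir() {
    dir=$1; cert=$2; key=$3
    [ -r "$cert" ] && [ -r "$key" ] || {
        echo "CA certificate or key not readable" >&2
        return 1
    }
    mkdir -p "$dir/newcerts" "$dir/crl" || return 1
    # The CA private key directory and file get owner-only permissions.
    mkdir -p "$dir/private" && chmod 700 "$dir/private" || return 1
    cp "$cert" "$dir/cacert.pem" || return 1
    ( umask 077; cp "$key" "$dir/private/cakey.pem" ) || return 1
    chmod 600 "$dir/private/cakey.pem"
    # Start with an empty certificate database; never truncate an existing one.
    [ -e "$dir/index.txt" ] || : > "$dir/index.txt"
    # Next serial number as ASCII text; keep an existing counter so that
    # serial numbers are never reused.
    [ -e "$dir/serial" ] || echo 01 > "$dir/serial"
}

# Typical use, run from the directory holding my-ca.crt and my-ca.key:
#   init_ca_dir ./demoCA my-ca.crt my-ca.key && check_ca_dir ./demoCA
```

With the layout in place, the failing command from the first post, openssl ca -out office.crt -in office.csr, finds the CA key at ./demoCA/private/cakey.pem.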
Old 09-17-2004, 11:01 PM   #3
LQ Newbie
Registered: Nov 2003
Location: Georgia
Distribution: Slackware 10.1
Posts: 28

Rep: Reputation: 15
OpenVPN and SSL CA

I'm having that EXACT issue. I'm new to SSL and CA keys. What ever fixed this?
Old 09-19-2004, 09:23 AM   #4
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444

Rep: Reputation: 41
I used this link to set up OpenSSL with OpenLDAP.

There is a section on generating your keys, etc.

