LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   evolution setup assistant in ubuntu (https://www.linuxquestions.org/questions/linux-newbie-8/evolution-setup-assistant-in-ubuntu-823461/)

Xanios 08-02-2010 04:49 AM

Hi Eric,

i typed sudo rm -r cacert.pem

Code:

xanios@ubuntu:~/demoCA$ sudo rm -r cacert.pem
the certificate still remains.

Code:

xanios@ubuntu:~/demoCA$ cat /etc/ssl/openssl.cnf | grep CA
default_ca        = CA_default                # The default ca section
[ CA_default ]
dir                = ./demoCA                # Where everything is kept
certificate        = $dir/cacert.pem        # The CA certificate
# For type CA, the listed attributes must be the same, and the optional
# For the CA policy
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
basicConstraints = CA:FALSE
# Extensions for a typical CA
#basicConstraints = critical,CA:true
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# nsCertType = sslCA, emailCA
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE


Xanios 08-02-2010 04:50 AM

Quote:

Originally Posted by linuxlover.chaitanya (Post 4052418)
You are still deleting the file from /etc/ssl/CA directory. You need to delete file from demoCA directory.

cd to demoCA with
cd demoCA and now
rm -v cacert.pem

it gave me:

Code:

xanios@ubuntu:~$ cd demoCA
xanios@ubuntu:~/demoCA$ rm -v cacert.pem
rm: cannot remove `cacert.pem': No such file or directory


linuxlover.chaitanya 08-02-2010 04:52 AM

Now if you have already deleted it, you will get the error.

EricTRA 08-02-2010 04:54 AM

Hi,

Do another ls in the demoCA directory to check if it's gone or not.
Code:

ls -al
when in the demoCA directory.

Kind regards,

Eric

Xanios 08-02-2010 04:54 AM

Hi Chaitanya,

Nope, still not deleted. i check it using cat /etc/ssl/openssl.cnf | grep CA and it is still there:

Code:

[ CA_default ]
dir                = ./demoCA                # Where everything is kept
certificate        = $dir/cacert.pem        # The CA certificate


Xanios 08-02-2010 04:56 AM

Hi Eric,

it is still there

Code:

-rw-r--r--  1 xanios xanios  704 2010-08-02 00:43 careq.pem

EricTRA 08-02-2010 04:58 AM

Quote:

Originally Posted by Xanios (Post 4052431)
Hi Eric,

it is still there

Code:

-rw-r--r--  1 xanios xanios  704 2010-08-02 00:43 careq.pem

Hi,

That's another file. The certificate is cacert.pem. careq.pem is the file used for a certificate request.

If cacert.pem is not in the demoCA directory then you can create a new one as you did before.

Kind regards,

Eric

Xanios 08-02-2010 04:58 AM

Hi,

Code:

xanios@ubuntu:~/demoCA$ ls -al
total 40
drwxr-xr-x  6 xanios xanios 4096 2010-08-02 02:51 .
drwxr-xr-x 41 xanios xanios 4096 2010-08-02 00:44 ..
-rw-r--r--  1 xanios xanios  704 2010-08-02 00:43 careq.pem
drwxr-xr-x  2 xanios xanios 4096 2010-08-02 00:41 certs
drwxr-xr-x  2 xanios xanios 4096 2010-08-02 00:41 crl
-rw-r--r--  1 xanios xanios    3 2010-08-02 02:57 crlnumber
-rw-r--r--  1 xanios xanios    0 2010-08-02 02:57 index.txt
-rw-r--r--  1 xanios xanios  21 2010-08-02 00:43 index.txt.attr
-rw-r--r--  1 xanios xanios    0 2010-08-02 00:41 index.txt.old
drwxr-xr-x  2 xanios xanios 4096 2010-08-02 00:43 newcerts
drwxr-xr-x  2 xanios xanios 4096 2010-08-02 00:41 private
-rw-r--r--  1 xanios xanios  17 2010-08-02 00:43 serial

i still cannot create a new one, means it is still there.

EricTRA 08-02-2010 05:00 AM

Quote:

Originally Posted by Xanios (Post 4052428)
Hi Chaitanya,

Nope, still not deleted. i check it using cat /etc/ssl/openssl.cnf | grep CA and it is still there:

Code:

[ CA_default ]
dir                = ./demoCA                # Where everything is kept
certificate        = $dir/cacert.pem        # The CA certificate


Hello,

This command doesn't tell you anything about the file itself. The only thing this command:
Code:

cat /etc/ssl/openssl.cnf | grep CA
does is show you the content of openssl.conf (cat command) and only those lines that contain CA (the grep part) in them.

Kind regards,

Eric

EricTRA 08-02-2010 05:02 AM

Quote:

Originally Posted by Xanios (Post 4052437)
Hi,

Code:

xanios@ubuntu:~/demoCA$ ls -al
total 40
drwxr-xr-x  6 xanios xanios 4096 2010-08-02 02:51 .
drwxr-xr-x 41 xanios xanios 4096 2010-08-02 00:44 ..
-rw-r--r--  1 xanios xanios  704 2010-08-02 00:43 careq.pem
drwxr-xr-x  2 xanios xanios 4096 2010-08-02 00:41 certs
drwxr-xr-x  2 xanios xanios 4096 2010-08-02 00:41 crl
-rw-r--r--  1 xanios xanios    3 2010-08-02 02:57 crlnumber
-rw-r--r--  1 xanios xanios    0 2010-08-02 02:57 index.txt
-rw-r--r--  1 xanios xanios  21 2010-08-02 00:43 index.txt.attr
-rw-r--r--  1 xanios xanios    0 2010-08-02 00:41 index.txt.old
drwxr-xr-x  2 xanios xanios 4096 2010-08-02 00:43 newcerts
drwxr-xr-x  2 xanios xanios 4096 2010-08-02 00:41 private
-rw-r--r--  1 xanios xanios  17 2010-08-02 00:43 serial

i still cannot create a new one, means it is still there.

Hello,

OK, the drastic approach then ;)

Run the following:
Code:

cd
followed by <ENTER> that takes you back to your home directory. Then:
Code:

sudo rm -r demoCA
That will delete the complete demoCA directory after which you will be able to recreate your certificate from zero.

Kind regards,

Eric

Xanios 08-02-2010 05:03 AM

Hi,

but i still can't create the certificate?

Code:

xanios@ubuntu:~$ /usr/lib/ssl/misc/CA.pl -newca
xanios@ubuntu:~$

by right it should ask me to 'create a certificate..' but it didn't

Xanios 08-02-2010 05:05 AM

Quote:

Originally Posted by EricTRA (Post 4052442)
Hello,

OK, the drastic approach then ;)

Run the following:
Code:

cd
followed by <ENTER> that takes you back to your home directory. Then:
Code:

sudo rm -r demoCA
That will delete the complete demoCA directory after which you will be able to recreate your certificate from zero.

Kind regards,

Eric

Hi,

Okay. That did it. :)
But i wonder how come in the earlier approaches we can't seem to get the certificate deleted. =/ it's so weird.

Anyway, will continue to configure gmail for postfix, hopefully it works :) do wait for my latest update LOL =X

Thank you to both Eric and Chaitanya *thumbs-up- (:

EricTRA 08-02-2010 05:10 AM

Quote:

Originally Posted by Xanios (Post 4052447)
Hi,

Okay. That did it. :)
But i wonder how come in the earlier approaches we can't seem to get the certificate deleted. =/ it's so weird.

Anyway, will continue to configure gmail for postfix, hopefully it works :) do wait for my latest update LOL =X

Thank you to both Eric and Chaitanya *thumbs-up- (:

Hi,

I don't know exactly what the CA.pl script controls (have to read it to find out) in order to determine if a certificate exists or not. Most important is that you got it deleted and can start over again.

Good luck and someone is always around here on LQ to help out, so don't worry about that :)

Kind regards,

Eric

Xanios 08-02-2010 05:14 AM

Hi again,

You guys are really helpful, appreciated it lots :)

Lol sorry for the trouble but now i encountered a problem:

Code:

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
xanios@ubuntu:~$ cp demoCA/cacert.pem FOO-key.pem FOO-cert.pem /etc/postfix
cp: cannot create regular file `/etc/postfix/cacert.pem': Permission denied
cp: cannot create regular file `/etc/postfix/FOO-key.pem': Permission denied
cp: cannot create regular file `/etc/postfix/FOO-cert.pem': Permission denied
xanios@ubuntu:~$

Am supposed to copy them to the /etc/postfix directory as mentioned in the last link you've provided :)

Xanios 08-02-2010 05:19 AM

Oops, sorry i forgot to put 'sudo'. Too agitated while doing LOL


All times are GMT -5. The time now is 12:51 AM.