LinuxQuestions.org


saman 04-21-2008 10:13 AM

Generate CA help
 
Hi

I need help generating a certificate for EAP/TLS authentication.
Here is the error I get when I run the command # ./CA.all:

+ SSL=/usr/local/ssl
+ export PATH=/usr/local/ssl/bin/:/usr/local/ssl/ssl/misc:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/home/saman/bin
+ PATH=/usr/local/ssl/bin/:/usr/local/ssl/ssl/misc:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/home/saman/bin
+ export LD_LIBRARY_PATH=/usr/local/ssl/lib
+ LD_LIBRARY_PATH=/usr/local/ssl/lib
+ rm -rf demoCA 'roo*' 'cert*' newreq.pem '*.der'
+ echo -e ''

+ echo -e '\t\t##################'
##################
+ echo -e '\t\tcreate private key'
create private key
+ echo -e '\t\tname : name-root'
name : name-root
+ echo -e '\t\tCA.pl -newcert'
CA.pl -newcert
+ echo -e '\t\t##################\n'
##################

+ openssl req -new -x509 -keyout newreq.pem -out newreq.pem -days 730 -passin pass:whatever -passout pass:whatever
Generating a 1024 bit RSA private key
.........++++++
...++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:.
State or Province Name (full name) []:.
Locality Name (eg, city) []:.
Organization Name (eg, company) []:.
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) []:.
emailAddress []:.
+ echo -e ''

+ echo -e '\t\t##################'
##################
+ echo -e '\t\tcreate CA'
create CA
+ echo -e '\t\tuse just created '\''newreq.pem'\'' private key as filename'
use just created 'newreq.pem' private key as filename
+ echo -e '\t\tCA.pl -newca'
CA.pl -newca
+ echo -e '\t\t##################\n'
##################

+ echo newreq.pem
+ /usr/local/ssl/misc/CA.pl -newca
./CA.all: line 32: /usr/local/ssl/misc/CA.pl: No such file or directory
+ echo -e ''

+ echo -e '\t\t##################'
##################
+ echo -e '\t\texporting ROOT CA'
exporting ROOT CA
+ echo -e '\t\tCA.pl -newreq'
CA.pl -newreq
+ echo -e '\t\tCA.pl -signreq'
CA.pl -signreq
+ echo -e '\t\topenssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.pem'
openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.pem
+ echo -e '\t\topenssl pkcs12 -in root.cer -out root.pem'
openssl pkcs12 -in root.cer -out root.pem
+ echo -e '\t\t##################\n'
##################

+ openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.p12 -cacerts -passin pass:whatever -passout pass:whatever
Error opening input file demoCA/cacert.pem
demoCA/cacert.pem: No such file or directory
+ openssl pkcs12 -in root.p12 -out root.pem -passin pass:whatever -passout pass:whatever
Error opening input file root.p12
root.p12: No such file or directory
+ openssl x509 -inform PEM -outform DER -in root.pem -out root.der
Error opening Certificate root.pem
4375:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('root.pem','r')
4375:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load certificate
+ echo -e ''

+ echo -e '\t\t##################'
##################
+ echo -e '\t\tcreating client certificate'
creating client certificate
+ echo -e '\t\tname : name-clt'
name : name-clt
+ echo -e '\t\tclient certificate stored as cert-clt.pem'
client certificate stored as cert-clt.pem
+ echo -e '\t\tCA.pl -newreq'
CA.pl -newreq
+ echo -e '\t\tCA.pl -signreq'
CA.pl -signreq
+ echo -e '\t\t##################\n'
##################

+ openssl req -new -keyout newreq.pem -out newreq.pem -days 730 -passin pass:whatever -passout pass:whatever
Generating a 1024 bit RSA private key
................++++++
............................................................................................................................................++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:.
State or Province Name (full name) []:.
Locality Name (eg, city) []:.
Organization Name (eg, company) []:.
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) []:.
emailAddress []:.

Please enter the following 'extra' attributes
to be sent with your certificate request

+ openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpclient_ext -extfile xpextensions -infiles newreq.pem
Using configuration from /usr/share/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
4377:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('./demoCA/private/cakey.pem','r')
4377:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load CA private key
+ openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-clt.p12 -clcerts -passin pass:whatever -passout pass:whatever
Error opening input file newcert.pem
newcert.pem: No such file or directory
+ openssl pkcs12 -in cert-clt.p12 -out cert-clt.pem -passin pass:whatever -passout pass:whatever
Error opening input file cert-clt.p12
cert-clt.p12: No such file or directory
+ openssl x509 -inform PEM -outform DER -in cert-clt.pem -out cert-clt.der
Error opening Certificate cert-clt.pem
4380:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('cert-clt.pem','r')
4380:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load certificate
+ echo -e ''

+ echo -e '\t\t##################'
##################
+ echo -e '\t\tcreating server certificate'
creating server certificate
+ echo -e '\t\tname : name-srv'
name : name-srv
+ echo -e '\t\tserver certificate stored as cert-srv.pem'
server certificate stored as cert-srv.pem
+ echo -e '\t\tCA.pl -newreq'
CA.pl -newreq
+ echo -e '\t\tCA.pl -signreq'
CA.pl -signreq
+ echo -e '\t\t##################\n'
##################

+ openssl req -new -keyout newreq.pem -out newreq.pem -days 730 -passin pass:whatever -passout pass:whatever
Generating a 1024 bit RSA private key
....................................++++++
......................++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:.
State or Province Name (full name) []:.
Locality Name (eg, city) []:.
Organization Name (eg, company) []:.
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) []:.
emailAddress []:.

Please enter the following 'extra' attributes
to be sent with your certificate request

+ openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpserver_ext -extfile xpextensions -infiles newreq.pem
Using configuration from /usr/share/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
4382:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('./demoCA/private/cakey.pem','r')
4382:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load CA private key
+ openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-srv.p12 -clcerts -passin pass:whatever -passout pass:whatever
Error opening input file newcert.pem
newcert.pem: No such file or directory
+ openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem -passin pass:whatever -passout pass:whatever
Error opening input file cert-srv.p12
cert-srv.p12: No such file or directory
+ openssl x509 -inform PEM -outform DER -in cert-srv.pem -out cert-srv.der
Error opening Certificate cert-srv.pem
4385:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('cert-srv.pem','r')
4385:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load certificate
+ echo -e '\n\t\t##################\n'

##################

All the files are in:
/usr/share/doc/radiusd/raddb/certs/demoCA
/usr/src/freeradius/freeradius-1.1.7/raddb/certs/demoCA
/usr/src/freeradius/freeradius-1.1.7/raddb/certs/demoCA/index.txt
/usr/src/freeradius/freeradius-1.1.7/raddb/certs/demoCA/index.txt.old
/usr/src/freeradius/freeradius-1.1.7/raddb/certs/demoCA/serial
/usr/src/freeradius/freeradius-1.1.7/raddb/certs/demoCA/serial.old
/usr/src/freeradius/freeradius-1.1.7/raddb/certs/demoCA/cacert.pem
/usr/src/freeradius/freeradius-1.1.7/raddb/certs/demoCA
/etc/raddb/certs/demoCA

Where did I go wrong?
Should I add in the PATH=/usr/share/freeradius/freeradius-1.1.7/raddb/certs?

Help appreciated!

saman 04-22-2008 05:25 AM

[root@marsindo scripts]# ./Ca.certs
bash: ./Ca.certs: No such file or directory
[root@marsindo scripts]# ./CA.certs

##################
create private key
name : name-root
CA.pl -newcert
##################

Generating a 1024 bit RSA private key
..................................++++++
...++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:State or Province Name (full name) []:Locality Name (eg, city) []:Organization Name (eg, company) []:Organizational Unit Name (eg, section) []:Common Name (eg, your name or your server's hostname) []:[]:
##################
create CA
use just created 'newreq.pem' private key as filename
CA.pl -newca
##################

./CA.certs: line 85: CA.pl: command not found
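
Added example, not part of the original thread: in the first post's trace the earliest error is the shell failing to find `CA.pl`, and the later `openssl` errors are about files that step would have created. The script below runs over a constructed, shortened trace of the same shape, picks out the first failing command and counts the failures that follow it; `failed_commands`, `root_cause`, `cascade_count` and `missing_tools` are names made up for this illustration.

```shell
#!/bin/sh
# Added example: separate the root cause from cascading errors in a `sh -x` trace.

# Constructed sample, shortened from the shape of the trace posted above.
SAMPLE_TRACE=$(cat <<'EOF'
+ openssl req -new -x509 -keyout newreq.pem -out newreq.pem -days 730
writing new private key to 'newreq.pem'
+ /usr/local/ssl/misc/CA.pl -newca
./CA.all: line 32: /usr/local/ssl/misc/CA.pl: No such file or directory
+ openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.p12
Error opening input file demoCA/cacert.pem
demoCA/cacert.pem: No such file or directory
+ openssl ca -policy policy_anything -out newcert.pem -infiles newreq.pem
Error opening CA private key ./demoCA/private/cakey.pem
unable to load CA private key
EOF
)

# Error phrases taken from the posted output.
ERR_RE='No such file or directory|command not found|Error opening|unable to load'

# Read a trace on stdin; print each traced command ("+ cmd") that was
# followed by an error line, once per command, in execution order.
failed_commands() {
  awk -v re="$ERR_RE" '
    /^[+] / { cmd = substr($0, 3); seen = 0; next }
    cmd != "" && !seen && $0 ~ re { print cmd; seen = 1 }
  '
}

# The first failing command is where to look; later ones usually cascade.
root_cause() { failed_commands | sed -n 1p; }

# How many commands failed after the first one.
cascade_count() {
  n=$(( $(failed_commands | wc -l) ))
  if [ "$n" -gt 0 ]; then echo $(( n - 1 )); else echo 0; fi
}

# Preflight for the script itself: print every required tool that does not resolve.
missing_tools() {
  for tool in "$@"; do
    command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
  done
}

printf 'root cause: %s\n' "$(printf '%s\n' "$SAMPLE_TRACE" | root_cause)"
printf 'cascading failures: %s\n' "$(printf '%s\n' "$SAMPLE_TRACE" | cascade_count)"
```

Calling `missing_tools openssl CA.pl` at the top of a certificate script, and stopping if it prints anything, keeps the run from continuing past a missing helper and producing the chain of follow-on errors seen here.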


All times are GMT -5.