Generate CA help
Hi
I need help to generate certificate or EAP/TLS authentication. Here I got error when I run the command #./CA.all + SSL=/usr/local/ssl + export PATH=/usr/local/ssl/bin/:/usr/local/ssl/ssl/misc:/usr/kerberos/sbin:/us r/kerberos/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/home/saman/bin + PATH=/usr/local/ssl/bin/:/usr/local/ssl/ssl/misc:/usr/kerberos/sbin:/usr/kerbe ros/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/home/saman/bin + export LD_LIBRARY_PATH=/usr/local/ssl/lib + LD_LIBRARY_PATH=/usr/local/ssl/lib + rm -rf demoCA 'roo*' 'cert*' newreq.pem '*.der' + echo -e '' + echo -e '\t\t##################' ################## + echo -e '\t\tcreate private key' create private key + echo -e '\t\tname : name-root' name : name-root + echo -e '\t\tCA.pl -newcert' CA.pl -newcert + echo -e '\t\t##################\n' ################## + openssl req -new -x509 -keyout newreq.pem -out newreq.pem -days 730 -passin pa ss:whatever -passout pass:whatever Generating a 1024 bit RSA private key .........++++++ ...++++++ writing new private key to 'newreq.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) []:. State or Province Name (full name) []:. Locality Name (eg, city) []:. Organization Name (eg, company) []:. Organizational Unit Name (eg, section) []:. Common Name (eg, your name or your server's hostname) []:. emailAddress []:. + echo -e '' + echo -e '\t\t##################' ################## + echo -e '\t\tcreate CA' create CA + echo -e '\t\tuse just created '\''newreq.pem'\'' private key as filename' use just created 'newreq.pem' private key as filename + echo -e '\t\tCA.pl -newca' CA.pl -newca + echo -e '\t\t##################\n' ################## + echo newreq.pem + /usr/local/ssl/misc/CA.pl -newca ./CA.all: line 32: /usr/local/ssl/misc/CA.pl: No such file or directory + echo -e '' + echo -e '\t\t##################' ################## + echo -e '\t\texporting ROOT CA' exporting ROOT CA + echo -e '\t\tCA.pl -newreq' CA.pl -newreq + echo -e '\t\tCA.pl -signreq' CA.pl -signreq + echo -e '\t\topenssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -o ut root.pem' openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem - out root.pem + echo -e '\t\topenssl pkcs12 -in root.cer -out root.pem' openssl pkcs12 -in root.cer -out root.pem + echo -e '\t\t##################\n' ################## + openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.p12 - cacerts -passin pass:whatever -passout pass:whatever Error opening input file demoCA/cacert.pem demoCA/cacert.pem: No such file or directory + openssl pkcs12 -in root.p12 -out root.pem -passin pass:whatever -passout pass: whatever Error opening input file root.p12 root.p12: No such file or directory + openssl x509 -inform PEM -outform DER -in root.pem -out root.der Error opening Certificate root.pem 4375:error:02001002:system library:fopen:No such file or directory:bss_file.c:25 9:fopen('root.pem','r') 4375:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261: unable to load certificate + echo -e '' + echo -e '\t\t##################' ################## + echo -e '\t\tcreating client certificate' creating client certificate + echo -e '\t\tname : name-clt' name : name-clt + echo -e '\t\tclient certificate stored as cert-clt.pem' client certificate stored as cert-clt.pem + echo -e '\t\tCA.pl -newreq' CA.pl -newreq + echo -e '\t\tCA.pl -signreq' CA.pl -signreq + echo -e '\t\t##################\n' ################## + openssl req -new -keyout newreq.pem -out newreq.pem -days 730 -passin pass:wha tever -passout pass:whatever Generating a 1024 bit RSA private key ................++++++ ................................................................................ ............................................................++++++ writing new private key to 'newreq.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) []:. State or Province Name (full name) []:. Locality Name (eg, city) []:. Organization Name (eg, company) []:. Organizational Unit Name (eg, section) []:. Common Name (eg, your name or your server's hostname) []:. emailAddress []:. Please enter the following 'extra' attributes to be sent with your certificate request + openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpclient_ext -extfile xpextensions -infiles newreq.pem Using configuration from /usr/share/ssl/openssl.cnf Error opening CA private key ./demoCA/private/cakey.pem 4377:error:02001002:system library:fopen:No such file or directory:bss_file.c:25 9:fopen('./demoCA/private/cakey.pem','r') 4377:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261: unable to load CA private key + openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-clt.p12 -cl certs -passin pass:whatever -passout pass:whatever Error opening input file newcert.pem newcert.pem: No such file or directory + openssl pkcs12 -in cert-clt.p12 -out cert-clt.pem -passin pass:whatever -passo ut pass:whatever Error opening input file cert-clt.p12 cert-clt.p12: No such file or directory + openssl x509 -inform PEM -outform DER -in cert-clt.pem -out cert-clt.der Error opening Certificate cert-clt.pem 4380:error:02001002:system library:fopen:No such file or directory:bss_file.c:25 9:fopen('cert-clt.pem','r') 4380:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261: unable to load certificate + echo -e '' + echo -e '\t\t##################' ################## + echo -e '\t\tcreating server certificate' creating server certificate + echo -e '\t\tname : name-srv' name : name-srv + echo -e '\t\tserver certificate stored as cert-srv.pem' server certificate stored as cert-srv.pem + echo -e '\t\tCA.pl -newreq' CA.pl -newreq + echo -e '\t\tCA.pl -signreq' CA.pl -signreq + echo -e '\t\t##################\n' ################## + openssl req -new -keyout newreq.pem -out newreq.pem -days 730 -passin pass:wha tever -passout pass:whatever Generating a 1024 bit RSA private key ....................................++++++ ......................++++++ writing new private key to 'newreq.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) []:. State or Province Name (full name) []:. Locality Name (eg, city) []:. Organization Name (eg, company) []:. Organizational Unit Name (eg, section) []:. Common Name (eg, your name or your server's hostname) []:. emailAddress []:. Please enter the following 'extra' attributes to be sent with your certificate request + openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpserver_ext -extfile xpextensions -infiles newreq.pem Using configuration from /usr/share/ssl/openssl.cnf Error opening CA private key ./demoCA/private/cakey.pem 4382:error:02001002:system library:fopen:No such file or directory:bss_file.c:25 9:fopen('./demoCA/private/cakey.pem','r') 4382:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261: unable to load CA private key + openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-srv.p12 -cl certs -passin pass:whatever -passout pass:whatever Error opening input file newcert.pem newcert.pem: No such file or directory + openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem -passin pass:whatever -passo ut pass:whatever Error opening input file cert-srv.p12 cert-srv.p12: No such file or directory + openssl x509 -inform PEM -outform DER -in cert-srv.pem -out cert-srv.der Error opening Certificate cert-srv.pem 4385:error:02001002:system library:fopen:No such file or directory:bss_file.c:25 9:fopen('cert-srv.pem','r') 4385:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261: unable to load certificate + echo -e '\n\t\t##################\n' ################## all the file are in /usr/share/doc/radiusd/raddb/certs/demoCA /usr/src/freeradius/freeradius-1.1.7/raddb/certs/demoCA /usr/src/freeradius/freeradius-1.1.7/raddb/certs/demoCA/index.txt /usr/src/freeradius/freeradius-1.1.7/raddb/certs/demoCA/index.txt.old /usr/src/freeradius/freeradius-1.1.7/raddb/certs/demoCA/serial /usr/src/freeradius/freeradius-1.1.7/raddb/certs/demoCA/serial.old /usr/src/freeradius/freeradius-1.1.7/raddb/certs/demoCA/cacert.pem /usr/src/freeradius/freeradius-1.1.7/raddb/certs/demoCA /etc/raddb/certs/demoCA Where did I get wrong? Should I add in the PATH=/usr/share/freeradius/freeradius-1.1.7/raddb/certs Help appreciated! |
[root@marsindo scripts]# ./Ca.certs
bash: ./Ca.certs: No such file or directory [root@marsindo scripts]# ./CA.certs ################## create private key name : name-root CA.pl -newcert ################## Generating a 1024 bit RSA private key ..................................++++++ ...++++++ writing new private key to 'newreq.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) []:State or Province Name (full name) []:Locality Name (eg, city) []:Organization Name (eg, company) []:Organizational Unit Name (eg, section) []:Common Name (eg, your name or your server's hostname) []:[]: ################## create CA use just created 'newreq.pem' private key as filename CA.pl -newca ################## ./CA.certs: line 85: CA.pl: command not found |
All times are GMT -5. The time now is 10:20 AM. |