[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: openssl problems


> I freshly installed OpenBSD 3.5-release/sparc for using as a Certificate 
> Authority. I unpacked the src.tar.gz too because it seemed that openssl 
> key creation wouldn't work without it. Creating a CA with CA.pl -newca 
> worked fine and the creation of a new certificate with CA.pl -newreq 
> succeeded too. So I wanted to sign this new key with the one of my new 
> created CA but without success. I did it with CA.pl -sign and I got the 
> following error:

You need to create a real OpenSSL config file if you want to use OpenSSLs 
"ca" features.  The default /etc/ssl/openssl.cnf does not have config 
variables for ca operations, it's missing the mandatory "default_ca" 
variable (which is exactly your error below) and "[ ca ]" sections.

> Getting request Private Key
> Generating certificate request
> Using configuration from /etc/ssl/openssl.cnf
> variable lookup failed for ca::default_ca
> 401:error:0E06D06C:configuration file routines:NCONF_get_string:no 
> value:/usr/src/lib/libssl/crypto/../src/crypto/conf/conf_lib.c:329:group=ca 
> name=default_ca

> Has anyone had the same problem or can give me some advice in solving this?

Create an OpenSSL config file that has all the config data you need.  
Man openssl(8), a lot to read but the definitive reference for the config 

Did you really expect to get a working CA from a default config file 
shipped with the OS?

Olaf Schreck    chakl_(_at_)_syscall_(_dot_)_de        syscall() Network Solutions, Berlin

Visit your host, monkey.org