[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: openssl problems
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: openssl problems
- From: chakl_(_at_)_syscall_(_dot_)_de (Olaf Schreck)
- Date: Thu, 6 May 2004 16:26:47 +0200
- Reply-to: chakl_(_at_)_syscall_(_dot_)_de
> I freshly installed OpenBSD 3.5-release/sparc for using as a Certificate
> Authority. I unpacked the src.tar.gz too because it seemed that openssl
> key creation wouldn't work without it. Creating a CA with CA.pl -newca
> worked fine and the creation of a new certificate with CA.pl -newreq
> succeeded too. So I wanted to sign this new key with the one of my new
> created CA but without success. I did it with CA.pl -sign and I got the
> following error:
You need to create a real OpenSSL config file if you want to use OpenSSLs
"ca" features. The default /etc/ssl/openssl.cnf does not have config
variables for ca operations, it's missing the mandatory "default_ca"
variable (which is exactly your error below) and "[ ca ]" sections.
> Getting request Private Key
> Generating certificate request
> Using configuration from /etc/ssl/openssl.cnf
> variable lookup failed for ca::default_ca
> 401:error:0E06D06C:configuration file routines:NCONF_get_string:no
> Has anyone had the same problem or can give me some advice in solving this?
Create an OpenSSL config file that has all the config data you need.
Man openssl(8), a lot to read but the definitive reference for the config
Did you really expect to get a working CA from a default config file
shipped with the OS?
Olaf Schreck chakl_(_at_)_syscall_(_dot_)_de syscall() Network Solutions, Berlin