I am trying to us the CA to make & sign Certs for servers/services both on ClearOS and on other equipment.
First I tried to make users for each service/server and have the CA Manager make the certs (which works), but the keys are protected as the webconfig will not allow empty passwords. I have note tried a password of "."; yet!
Going with the command line to make the CSR, key, & signing the Cert I get the following error:
[root@samson-stout CA]# openssl req -config openssl.cnf -new -nodes -out samson-stout.csr -keyout /etc/pki/CA/private/samson-stout-key.pem
Generating a 2048 bit RSA private key
..............................+++
...............................................+++
writing new private key to '/etc/pki/CA/private/samson-stout-key.pem'
-----
[root@samson-stout CA]# openssl ca -config openssl.cnf -infiles samson-stout.csr -out /etc/pki/CA/certs/samson-stout-cert.pem
Using configuration from openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 2097172 (0x200014)
Validity
Not Before: Aug 26 16:55:56 2014 GMT
Not After : Aug 20 16:55:56 2039 GMT
Subject:
countryName = US
stateOrProvinceName = Colorado
localityName = Gypsum
organizationName = Lundquist Networking
organizationName = E-Net
organizationalUnitName = IT Department
commonName = samson-stout.e-net.local
commonName = E-Net Samson-Stout
emailAddress = security@eriklundquist.net
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
A5:92:86................
X509v3 Authority Key Identifier:
keyid:86:15...........
Certificate is to be certified until Aug 20 16:55:56 2039 GMT (9125 days)
Sign the certificate? [y/n]:y
-out: No such file or directory
140601160722248:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('-out','r')
140601160722248:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
Any ideas?
First I tried to make users for each service/server and have the CA Manager make the certs (which works), but the keys are protected as the webconfig will not allow empty passwords. I have note tried a password of "."; yet!
Going with the command line to make the CSR, key, & signing the Cert I get the following error:
[root@samson-stout CA]# openssl req -config openssl.cnf -new -nodes -out samson-stout.csr -keyout /etc/pki/CA/private/samson-stout-key.pem
Generating a 2048 bit RSA private key
..............................+++
...............................................+++
writing new private key to '/etc/pki/CA/private/samson-stout-key.pem'
-----
[root@samson-stout CA]# openssl ca -config openssl.cnf -infiles samson-stout.csr -out /etc/pki/CA/certs/samson-stout-cert.pem
Using configuration from openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 2097172 (0x200014)
Validity
Not Before: Aug 26 16:55:56 2014 GMT
Not After : Aug 20 16:55:56 2039 GMT
Subject:
countryName = US
stateOrProvinceName = Colorado
localityName = Gypsum
organizationName = Lundquist Networking
organizationName = E-Net
organizationalUnitName = IT Department
commonName = samson-stout.e-net.local
commonName = E-Net Samson-Stout
emailAddress = security@eriklundquist.net
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
A5:92:86................
X509v3 Authority Key Identifier:
keyid:86:15...........
Certificate is to be certified until Aug 20 16:55:56 2039 GMT (9125 days)
Sign the certificate? [y/n]:y
-out: No such file or directory
140601160722248:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('-out','r')
140601160722248:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
Any ideas?
Share this post:
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »