Re: problems generate a random file (also CA.all)

Benjamin Scherb Sun, 16 May 2004 12:01:22 -0700

Alan DeKok wrote:

Benjamin Scherb <[EMAIL PROTECTED]> wrote:

In on of the section at the howto there is a discription on how to setup up
a short C programm to enerate a random file. But I do not understand
how I should generate this file.


  In the CVS snapshots, you can run the program in scripts/CA.certs,
and it will do all of this for you.


  Alan DeKok.


- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.ht

If I started the CA.all script and entered the needed information, I get some error messages about missing files.
I use Gentoo Linux with the newest portage. Also I run openssl 0.9.7d of 17th Mar 2004.

Here the error messages:

##########################################
+ openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.p12 -cacerts -passin pass:whatever -passout pass:whatever
Error opening input file demoCA/cacert.pem
demoCA/cacert.pem: No such file or directory
+ openssl pkcs12 -in root.p12 -out root.pem -passin pass:whatever -passout pass:whatever
Error opening input file root.p12
root.p12: No such file or directory
+ openssl x509 -inform PEM -outform DER -in root.pem -out root.der
Error opening Certificate root.pem
32582:error:02001002:system library:fopen:No such file or directory:bss_file.c:276:fopen('root.pem','r')
32582:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:
unable to load certificate
##########################################

Attached you will find the full output of CA.all that runs on my system.
Have anyone a idea to solve the issue with fopen?

Best Regards
Benjamin

bash-2.05b$ ./CA.all
+ SSL=/usr/local/ssl
+ export 
PATH=/usr/local/ssl/bin/:/usr/local/ssl/ssl/misc:/usr/kde/3.2/bin:/bin:/usr/bin:/usr/local/bin:/opt/bin:/usr/i486-pc-linux-gnu/gcc-bin/3.3:/usr/X11R6/bin:/opt/blackdown-jdk-1.4.1/bin:/opt/blackdown-jdk-1.4.1/jre/bin:/usr/qt/3/bin:/usr/kde/3.2/bin:/usr/kde/3.1/bin:/usr/games/bin
+ 
PATH=/usr/local/ssl/bin/:/usr/local/ssl/ssl/misc:/usr/kde/3.2/bin:/bin:/usr/bin:/usr/local/bin:/opt/bin:/usr/i486-pc-linux-gnu/gcc-bin/3.3:/usr/X11R6/bin:/opt/blackdown-jdk-1.4.1/bin:/opt/blackdown-jdk-1.4.1/jre/bin:/usr/qt/3/bin:/usr/kde/3.2/bin:/usr/kde/3.1/bin:/usr/games/bin
+ export LD_LIBRARY_PATH=/usr/local/ssl/lib
+ LD_LIBRARY_PATH=/usr/local/ssl/lib
+ rm -rf demoCA 'roo*' certs.sh '*.pem' '*.der'
+ echo -e ''

+ echo -e '\t\t##################'
                ##################
+ echo -e '\t\tcreate private key'
                create private key
+ echo -e '\t\tname : name-root'
                name : name-root
+ echo -e '\t\tCA.pl -newcert'
                CA.pl -newcert
+ echo -e '\t\t##################\n'
                ##################

+ openssl req -new -x509 -keyout newreq.pem -out newreq.pem -days 730 -passin 
pass:whatever -passout pass:whatever
Generating a 1024 bit RSA private key
...............++++++
.................++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Some-State]:state
Locality Name (eg, city) []:city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:company
Organizational Unit Name (eg, section) []:section
Common Name (eg, YOUR name) []:name
Email Address []:[EMAIL PROTECTED]
+ echo -e ''

+ echo -e '\t\t##################'
                ##################
+ echo -e '\t\tcreate CA'
                create CA
+ echo -e '\t\tuse just created '\''newreq.pem'\'' private key as filename'
                use just created 'newreq.pem' private key as filename
+ echo -e '\t\tCA.pl -newca'
                CA.pl -newca
+ echo -e '\t\t##################\n'
                ##################

+ echo newreq.pem
+ /usr/local/ssl/misc/CA.pl -newca
./CA.all: line 32: /usr/local/ssl/misc/CA.pl: No such file or directory
+ echo -e ''

+ echo -e '\t\t##################'
                ##################
+ echo -e '\t\texporting ROOT CA'
                exporting ROOT CA
+ echo -e '\t\tCA.pl -newreq'
                CA.pl -newreq
+ echo -e '\t\tCA.pl -signreq'
                CA.pl -signreq
+ echo -e '\t\topenssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out 
root.pem'
                openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out 
root.pem
+ echo -e '\t\topenssl pkcs12 -in root.cer -out root.pem'
                openssl pkcs12 -in root.cer -out root.pem
+ echo -e '\t\t##################\n'
                ##################

+ openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.p12 
-cacerts -passin pass:whatever -passout pass:whatever
Error opening input file demoCA/cacert.pem
demoCA/cacert.pem: No such file or directory
+ openssl pkcs12 -in root.p12 -out root.pem -passin pass:whatever -passout 
pass:whatever
Error opening input file root.p12
root.p12: No such file or directory
+ openssl x509 -inform PEM -outform DER -in root.pem -out root.der
Error opening Certificate root.pem
32262:error:02001002:system library:fopen:No such file or 
directory:bss_file.c:276:fopen('root.pem','r')
32262:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:
unable to load certificate
+ echo -e ''

+ echo -e '\t\t##################'
                ##################
+ echo -e '\t\tcreating client certificate'
                creating client certificate
+ echo -e '\t\tname : name-clt'
                name : name-clt
+ echo -e '\t\tclient certificate stored as cert-clt.pem'
                client certificate stored as cert-clt.pem
+ echo -e '\t\tCA.pl -newreq'
                CA.pl -newreq
+ echo -e '\t\tCA.pl -signreq'
                CA.pl -signreq
+ echo -e '\t\t##################\n'
                ##################

+ openssl req -new -keyout newreq.pem -out newreq.pem -days 730 -passin pass:whatever 
-passout pass:whatever
Generating a 1024 bit RSA private key
.........++++++
.....++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Some-State]:state
Locality Name (eg, city) []:city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:company
Organizational Unit Name (eg, section) []:section
Common Name (eg, YOUR name) []:name
Email Address []:[EMAIL PROTECTED]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:test
An optional company name []:company
+ openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key 
whatever -extensions xpclient_ext -extfile xpextensions -infiles newreq.pem
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
32279:error:0E06D06C:configuration file routines:NCONF_get_string:no 
value:conf_lib.c:329:group=CA_default name=unique_subject
32279:error:02001002:system library:fopen:No such file or 
directory:bss_file.c:276:fopen('./demoCA/private/cakey.pem','r')
32279:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:
unable to load CA private key
./CA.all: line 59: 32279 Segmentation fault      openssl ca -policy policy_anything 
-out newcert.pem -passin pass:whatever -key whatever -extensions xpclient_ext -extfile 
xpextensions -infiles newreq.pem
+ openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-clt.p12 -clcerts 
-passin pass:whatever -passout pass:whatever
Error opening input file newcert.pem
newcert.pem: No such file or directory
+ openssl pkcs12 -in cert-clt.p12 -out cert-clt.pem -passin pass:whatever -passout 
pass:whatever
Error opening input file cert-clt.p12
cert-clt.p12: No such file or directory
+ openssl x509 -inform PEM -outform DER -in cert-clt.pem -out cert-clt.der
Error opening Certificate cert-clt.pem
32282:error:02001002:system library:fopen:No such file or 
directory:bss_file.c:276:fopen('cert-clt.pem','r')
32282:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:
unable to load certificate
+ echo -e ''

+ echo -e '\t\t##################'
                ##################
+ echo -e '\t\tcreating server certificate'
                creating server certificate
+ echo -e '\t\tname : name-srv'
                name : name-srv
+ echo -e '\t\tserver certificate stored as cert-srv.pem'
                server certificate stored as cert-srv.pem
+ echo -e '\t\tCA.pl -newreq'
                CA.pl -newreq
+ echo -e '\t\tCA.pl -signreq'
                CA.pl -signreq
+ echo -e '\t\t##################\n'
                ##################

+ openssl req -new -keyout newreq.pem -out newreq.pem -days 730 -passin pass:whatever 
-passout pass:whatever
Generating a 1024 bit RSA private key
........................++++++
.++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Some-State]:state
Locality Name (eg, city) []:city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:company
Organizational Unit Name (eg, section) []:section
Common Name (eg, YOUR name) []:name
Email Address []:[EMAIL PROTECTED]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:test
An optional company name []:company
+ openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key 
whatever -extensions xpserver_ext -extfile xpextensions -infiles newreq.pem
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
32296:error:0E06D06C:configuration file routines:NCONF_get_string:no 
value:conf_lib.c:329:group=CA_default name=unique_subject
32296:error:02001002:system library:fopen:No such file or 
directory:bss_file.c:276:fopen('./demoCA/private/cakey.pem','r')
32296:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:
unable to load CA private key
./CA.all: line 75: 32296 Segmentation fault      openssl ca -policy policy_anything 
-out newcert.pem -passin pass:whatever -key whatever -extensions xpserver_ext -extfile 
xpextensions -infiles newreq.pem
+ openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-srv.p12 -clcerts 
-passin pass:whatever -passout pass:whatever
Error opening input file newcert.pem
newcert.pem: No such file or directory
+ openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem -passin pass:whatever -passout 
pass:whatever
Error opening input file cert-srv.p12
cert-srv.p12: No such file or directory
+ openssl x509 -inform PEM -outform DER -in cert-srv.pem -out cert-srv.der
Error opening Certificate cert-srv.pem
32299:error:02001002:system library:fopen:No such file or 
directory:bss_file.c:276:fopen('cert-srv.pem','r')
32299:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:
unable to load certificate
+ echo -e '\n\t\t##################\n'

                ##################

Re: problems generate a random file (also CA.all)

Reply via email to