SSL Certificate problems

Fri, 13 May 2005 02:57:26 -0700 

Hi all.

I've been following the instructions on various sites on how to setup
freeradius. The problem that I run into is that my system seems to have
a different SSL setup that the one assumed.
I'm running Centos 4.0 and using openssl-0.9.7a-43.1
SSL is installed in /usr/share/ssl. It is the CA.all script that is
giving my problems. I've changed the SSL variable in CA.all to point to
/usr/share/ssl. The next problem that I've encountered is that the CA.pl
script does not exist on my system. It is supposed to be located under
/usr/share/ssl/misc/ but it's not there. But under that same directory
is a script called CA (without any extension). This looks like the same
CA.pl that is needed so I made a symbolic link called CA.pl to it. 

The script can now run but I'm still getting errors. The problem is that
the CA script does not create its files in the correct location.

Here is the part of the CA script that I'm concerned about:
[snip]
-newca)     
    # if explicitly asked for or it doesn't exist then setup the
directory
    # structure that Eric likes to manage things 
    NEW="1"
    if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
        # create the directory hierarchy
        mkdir ${CATOP} 
        mkdir ${CATOP}/certs 
        mkdir ${CATOP}/crl 
        mkdir ${CATOP}/newcerts
        mkdir ${CATOP}/private
        echo "01" > ${CATOP}/serial
        touch ${CATOP}/index.txt
    fi
    if [ ! -f ${CATOP}/private/$CAKEY ]; then
        echo "CA certificate filename (or enter to create)"
        read FILE

        # ask user for existing CA certificate
        if [ "$FILE" ]; then
            cp $FILE ${CATOP}/private/$CAKEY
            RET=$?
        else
            echo "Making CA certificate ..."
            $REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \
                           -out ${CATOP}/$CACERT $DAYS
            RET=$?
        fi
    fi
    ;;
[snip]

Notice that if a file name is provided the script does not create the
certificate which is required for the rest of the CA.all script. Do I
have a different script to CA.pl? 

Sorry about the long (and confusing) post. If someone could please tell
me if this piece of code looks the same as the code in your CA.pl
script. Also any suggestions on what I'm doing wrong will be greatly
appreciated.

Thanks in advance.
Pico.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to