Mack Ragan wrote: > Using the provided script "CA.all", trying to create self-signed certs > on a new freeradius box and running into a missing serial file problem. > Executing the commands in the script line-by-line shows that the command > "openssl ca -policy policy_anything -out newcert.pem -passin > pass:whatever -key whatever -extensions xpserver_ext -extfile > xpextensions -infiles newreq.pem" is what is looking for the file > "./demoCA/serial" which does not exist. I think it is normally created > during "CA.pl -newca" but this doesn't appear to happen with the > script's command of "echo "newreq.pem" | /usr/local/ssl/misc/CA.pl > -newca". I'm using OpenSSL version 0.9.8e. Anyone have this experience?
OpenSSL has changed the way their scripts run a number of times. I've pretty mich given up trying to keep up. Instead, use the certificate generation tools in 2.0.0-pre2. They're simple and easy to use. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html