Hi,
I am trying to get sendmail STARTTLS working, and have gotten to the
point where I need a certificate.
This is completely new to me, and I have followed three different sets
of directions, and always come up with the same error message when I
finally go to sign my own certificate. ( I am just being my own CA
for testing purposes ).
I am running on OpenBSD 2.7, with OpenSSL 0.9.5a Apr 2000
I have tried using the openssl commands directly, and using the CA.pl
script.
Under all circumstances, I get to the final step ( sign ), and I get
an error message:
Using configuration from /etc/ssl/openssl.cnf
variable lookup failed for ca::default_ca
and it won't continue. Does anyone have any idea???
I have followed the manual steps @
http://www.sendmail.org/~ca/email/other/cagreg.html
where it walks through the manual openssl commands, and arrived at exactly
the same error message.
I am sure it's something stupid, but I've searched all over for that
error message, and I can't find a hint of what it means!
Here is a sample script of a session:
( using a modified CA.pl to add -nodes on the -newcert and -newreq )
( following directions from:
http://www.aet.tu-cottbus.de/personen/jaenicke/pfixtls/doc/myownca.html )
THANKS!
===========================================================================
# CA.pl -newca
CA certificate filename (or enter to create)
Making CA certificate ...
Using configuration from /etc/ssl/openssl.cnf
Generating a 1024 bit RSA private key
................++++++
.......++++++
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CA]:
State or Province Name (full name) [AB]:
Locality Name (eg, city) [Calgary]:
Organization Name (eg, company) [Acme Tools]:
Organizational Unit Name (eg, section) []:
Common Name (eg, fully qualified host name) []:Acme Tools CA
Email Address []:[EMAIL PROTECTED]
#
===========================================================================
# CA.pl -newreq
Using configuration from /etc/ssl/openssl.cnf
Generating a 1024 bit RSA private key
.............++++++
....++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CA]:
State or Province Name (full name) [AB]:
Locality Name (eg, city) [Calgary]:
Organization Name (eg, company) [Acme Tools]:
Organizational Unit Name (eg, section) []:
Common Name (eg, fully qualified host name) []:acmetools.com
Email Address []:[EMAIL PROTECTED]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Request (and private key) is in newreq.pem
#
===========================================================================
# CA_cert.pl -sign
Using configuration from /etc/ssl/openssl.cnf
variable lookup failed for ca::default_ca
#
--
Steve Williams, Calgary, Alberta, Canada
Genie Computer Systems Inc.
[EMAIL PROTECTED]
"A man doesn't begin to attain wisdom until he recognizes that he is
no longer indispensable."
- Admiral Richard E. Byrd ( 1888-1957 )
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]