On Nov 18, 2004, at 12:58 PM, Dr. Stephen Henson wrote:
On Thu, Nov 18, 2004, Dan O'Brien wrote:
On Nov 18, 2004, at 11:48 AM, Dr. Stephen Henson wrote:
On Thu, Nov 18, 2004, Dan O'Brien wrote:
On Nov 17, 2004, at 7:49 PM, Dr. Stephen Henson wrote:
On Wed, Nov 17, 2004, Dan O'Brien wrote:
Hi Steve, thanks for the response. We did not get this error (or if
we
have, we haven't seen it):
Using configuration from /some/path/openssl.cnf Unable to load config info
But we did get this error upon attempting to make a CA:
unable to find 'distinguished_name' in config problems making Certificate Request
OK, try repeating the command with the -verbose command line option.
It should
then tell you where its getting its configuration from.
Check if the file exists is readable or is obviously broken. If it contains no line with this in it:
[distinguished_name]
then that counts as broken :-)
OK -- the "-v" option is unknown to the "req" command, as in:
[EMAIL PROTECTED]:~# openssl req -v -new -x509 -keyout private/cakey.pem -out
cacert.pem -days 7000
I said use the -verbose option not -v as in:
openssl req -verbose -new -x509 -keyout private/cakey.pem -out cacert.pem -days 7000
Steve.
We did attempt that previously, with the same result (sorry we didn't post this earlier):
[EMAIL PROTECTED]:~# openssl req -verbose -new -x509 -keyout private/cakey.pem
-out cacert.pem -days 7000
unknown option -verbose
req [options] <infile >outfile
where options are
-inform arg input format - DER or PEM
-outform arg output format - DER or PEM
-in arg input file
-out arg output file
-text text form of request
-noout do not output REQ
-verify verify signature on REQ
-modulus RSA modulus
-nodes don't encrypt the output key
-key file use the private key contained in file
-keyform arg key file format
-keyout arg file to send the key to
-rand file:file:...
load the file (or the files in the directory) into
the random number generator
-newkey rsa:bits generate a new RSA key of 'bits' in size
-newkey dsa:file generate a new DSA key, parameters taken from CA in
'file'
-[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)
-config file request template file.
-new new request.
-x509 output a x509 structure instead of a cert. req.
-days number of days a x509 generated by -x509 is valid for.
-newhdr output "NEW" in the header lines
-asn1-kludge Output the 'request' in a format that is wrong but some
CA's
have been reported as requiring
-extensions .. specify certificate extension section (override value
in config file)
-reqexts .. specify request extension section (override value in
config file)
What version of OpenSSL are you using (openssl version -a)?
Steve.
It's old, but it's the latest in "Debian Stable:"
[EMAIL PROTECTED]:~# openssl version -a
OpenSSL 0.9.6c 21 dec 2001
built on: Wed Mar 3 19:09:47 UTC 2004
platform: debian-i386
options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) blowfish(idx)
compiler: gcc -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DNO_IDEA -DNO_MDC2 -DNO_RC5 -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
