On Nov 23, 2004, at 1:59 PM, Charles B Cranston wrote:
It's possible from what you describe that it was a hanging alias, that is, a symbolic link pointing to a file that does not actually exist. This looks like a file initially but gets a "file does not exist" when you try to actually use it...
Dan O'Brien wrote:
On Nov 22, 2004, at 1:41 PM, Dr. Stephen Henson wrote:Progress! It appears that although "locate" indicated the presence of the openssl.cnf file... (as in:On Mon, Nov 22, 2004, Dan O'Brien wrote:
Searched for openssl.cnf and it is on the system:
[EMAIL PROTECTED]:/etc/ssl# locate openssl.cnf /usr/lib/ssl/openssl.cnf
Is this a clue to the problem?
Might be :-) Depends what's in that file. Does it contain a line with:
[distinguished_name]
on it? Does it have world read permissions? What happens if you include the
command line switch: -config /usr/lib/ssl/openssl.cnf to the req command that
was failing before?
[EMAIL PROTECTED]:~$ locate openssl.cnf
/usr/lib/ssl/openssl.cnf)
...when I vi'd it as root, the file was blank, and vi indicated that it was making a new file.
Adding the -config /usr/lib/ssl/openssl.cnf switch yielded this:
[EMAIL PROTECTED]:~# openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 7000 -config /usr/lib/ssl/openssl.cnf
Using configuration from /usr/lib/ssl/openssl.cnf
error on line 1074095624 of /usr/lib/ssl/openssl.cnf
1708:error:02001002:system library:fopen:No such file or directory:bss_file.c:104:fopen('/usr/lib/ssl/openssl.cnf','rb')
1708:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:106:
1708:error:0E064002:configuration file routines:CONF_load:system lib:conf_lib.c:91:
Changing directories and listing showed this:
[EMAIL PROTECTED]:/usr/lib/ssl# ls
certs lib misc openssl.cnf private
...wherein openssl.cnf was displayed in red text set against a black selection rectangle -- what does this indicate?
In any case, all signs pointed to a malfunctioning file, so I rm'd it. You previously suggested that I unpack one from another installation. Unless you have a better idea, I believe the next move will be to try to install 0.9.7e.
- Dan O'Brien
OK, installed 0.9.7e and the openssl.cnf file to the right location. Was then able to create the certificate authority.
However, the next step, creating the SSL key for apache, met with the following error:
[EMAIL PROTECTED]:/etc/ssl# openssl req -new -config ./openssl.cnf -nodes -out ./apache-req.pem -keyout ./apache-key.pem
Using configuration from ./openssl.cnf
error on line 1074095624 of ./openssl.cnf
297:error:02001002:system library:fopen:No such file or directory:bss_file.c:104:fopen('./openssl.cnf','rb')
297:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:106:
297:error:0E064002:configuration file routines:CONF_load:system lib:conf_lib.c:91:
Ideas?
- Dan O'Brien
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
