Hello All,
I am using OpenSSL 0.9.8.
I created a self signed certificate using
# openssl req -x509 -out cacert.pem -new -keyout cacert.pem -days 365 -nodes -subj /C=US/ST=California/L=Cupertino/O=test/CN=ca
I tried to setup the CA using
# echo "cacert.pem"|perl /opt/openssl/misc/CA.pl -newca
The serial file is not created in the demoCA directory.
0.9.7x:
# cat demoCA/serial
BA1098D6DC316744
0.9.8:
# cat demoCA/serial
cat: Cannot open demoCA/serial: No such file or directory
In order to create the serial file the lines between the ### marks can be added to the CA.pl file
Line 105 :
    if ($FILE) {
        cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
        cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
        $RET=$?;
        #########################################
        # Create the serial file from the CA certificate if it is missing
        if (! -f "${CATOP}/serial" )
        {
            system ("$X509 -in ${CATOP}/$CACERT -noout "
                . "-next_serial -out ${CATOP}/serial");
        }
        #########################################
    } else {
        print "Making CA certificate ....\n";
        system ("$REQ -new -keyout " .
            "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
        system ("$CA -create_serial " .
            "-out ${CATOP}/$CACERT $CADAYS -batch " .
            "-keyfile ${CATOP}/private/$CAKEY -selfsign " .
            "-infiles ${CATOP}/$CAREQ ");
        $RET=$?;
    }
One more thing, the CA.sh is very outdated and has a number of bugs.
I have filed a bug report and given a patch at
http://www.aet.tu-cottbus.de/rt2/Ticket/Display.html?id=1209
Please share your suggestions on this.
Thanks,
Prakash
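
An added example, not part of the original post or of the OpenSSL distribution: the same serial-file repair done from the shell after "CA.pl -newca", without editing CA.pl. The function name ensure_ca_serial and its arguments are hypothetical; it never overwrites an existing serial file (doing so could lead to reused serial numbers) and it checks that the file holds the hex form that -next_serial writes.

```shell
#!/bin/sh
# ensure_ca_serial CATOP CACERT  (hypothetical helper, added example)
# Creates CATOP/serial from the CA certificate when the file is missing,
# leaves an existing serial file untouched, and prints the serial value.
ensure_ca_serial() {
    catop=$1
    cacert=$2
    serial_file="$catop/serial"

    if [ ! -f "$catop/$cacert" ]; then
        echo "CA certificate $catop/$cacert not found" >&2
        return 2
    fi

    if [ ! -f "$serial_file" ]; then
        # Same openssl call as in the post: certificate serial + 1.
        # Write to a temporary file so a failed run leaves no partial file.
        tmp="$serial_file.tmp.$$"
        if ! openssl x509 -in "$catop/$cacert" -noout -next_serial -out "$tmp"; then
            rm -f "$tmp"
            return 1
        fi
        mv "$tmp" "$serial_file"
    fi

    # Accept only non-empty hex made of whole bytes (even number of digits).
    value=$(head -n 1 "$serial_file" | tr -d '\r\n')
    case $value in
        ''|*[!0-9A-Fa-f]*)
            echo "bad serial in $serial_file: '$value'" >&2
            return 1 ;;
    esac
    if [ $(( ${#value} % 2 )) -ne 0 ]; then
        echo "odd number of hex digits in $serial_file" >&2
        return 1
    fi
    printf '%s\n' "$value"
}
```

Called as: ensure_ca_serial demoCA cacert.pem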