problems generating certificates

Tue, 27 Dec 2005 15:39:42 -0800

hi everybody, well finally get install openssl v0.9.8a, now when i try to generate certificates to be used with freeradius (eap-tls or eap-peap) i use these commands to CERTIFICATE AUTHORITY GENERATION:
#openssl req -new -x509 -keyout newreq.pem -out newreq.pem -passin pass:clue1 -passout pass:clue1 #openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.p12 -cacerts -passin pass:clue1 -passout pass:clue1 #openssl pkcs12 -in root.p12 -out root.pem -passin pass:clue1 -passout pass:clue1 

(i copied root.p12 from freeradius files)

#openssl x509 -inform PEM -outform DER -in root.pem -out root.der
#rm -rf newreq.pem

and these to SERVER CERTIFICATE GENERATION:


#openssl req -new -keyout newreq.pem -out newreq.pem -passin pass:whatever 
-passout pass:clue1
#openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever 
-key whatever -extensions xpserver_ext -extfile xpextensions -infiles 
newreq.pem


right here, when using this command i get this error:

Error opening CA private key ./demoCA/private/cakey.pem

4161:error:02001002:system library:fopen:No such file or 
directory:bss_file.c:349:fopen ('./demoCA/private/cakey.pem' ,'r')

4161:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:351:
unable to load CA private key


well i really don't understand what this mean but reviewed 
./demoCA/private/cakey.pem and effectively it's there, so why openssl cann't 
locate it?? why unable to load CA private key??


so, i tried this:


#openssl x509 -inform PEM -outform DER -in demoCA/cacert.pem -out 
demoCA/cacert.der


but now get this:


4201:error:0906D06C:PEM routines:PEM_read_bio:no start 
line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE



excuse if this question is so trivial but i really don't understand it. 
could any body help and tell me what is happening?? thanks for your patience 
and help.

greetings

_________________________________________________________________

Charla con tus amigos en lĂ­nea mediante MSN Messenger: 
http://messenger.latam.msn.com/


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]






















					Reply via email to