CA.all problem
Hi, Using the provided script CA.all, trying to create self-signed certs on a new freeradius box and running into a missing serial file problem. Executing the commands in the script line-by-line shows that the command openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpserver_ext -extfile xpextensions -infiles newreq.pem is what is looking for the file ./demoCA/serial which does not exist. I think it is normally created during CA.pl -newca but this doesn't appear to happen with the script's command of echo newreq.pem | /usr/local/ssl/misc/CA.pl -newca. I'm using OpenSSL version 0.9.8e. Anyone have this experience? Thanks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CA.all problem
On Thu, 2007-09-06 at 13:56 -0400, Mack Ragan wrote: Hi, Using the provided script CA.all, trying to create self-signed certs on a new freeradius box and running into a missing serial file problem. Executing the commands in the script line-by-line shows that the command openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpserver_ext -extfile xpextensions -infiles newreq.pem is what is looking for the file ./demoCA/serial which does not exist. I think it is normally created during CA.pl -newca but this doesn't appear to happen with the script's command of echo newreq.pem | /usr/local/ssl/misc/CA.pl -newca. I'm using OpenSSL version 0.9.8e. Anyone have this experience? Thanks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Check this site out to answer your question http://www.tc.umn.edu/~brams006/selfsign.html dutch - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CA.all problem
Mack Ragan wrote: Using the provided script CA.all, trying to create self-signed certs on a new freeradius box and running into a missing serial file problem. Executing the commands in the script line-by-line shows that the command openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpserver_ext -extfile xpextensions -infiles newreq.pem is what is looking for the file ./demoCA/serial which does not exist. I think it is normally created during CA.pl -newca but this doesn't appear to happen with the script's command of echo newreq.pem | /usr/local/ssl/misc/CA.pl -newca. I'm using OpenSSL version 0.9.8e. Anyone have this experience? OpenSSL has changed the way their scripts run a number of times. I've pretty mich given up trying to keep up. Instead, use the certificate generation tools in 2.0.0-pre2. They're simple and easy to use. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CA.all problem
Thanks Alan. I have actually figured out some openssl commands that seem to have worked ok for me. I'll post them a little later for what it's worth to anyone. Alan DeKok wrote: Mack Ragan wrote: Using the provided script CA.all, trying to create self-signed certs on a new freeradius box and running into a missing serial file problem. Executing the commands in the script line-by-line shows that the command openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpserver_ext -extfile xpextensions -infiles newreq.pem is what is looking for the file ./demoCA/serial which does not exist. I think it is normally created during CA.pl -newca but this doesn't appear to happen with the script's command of echo newreq.pem | /usr/local/ssl/misc/CA.pl -newca. I'm using OpenSSL version 0.9.8e. Anyone have this experience? OpenSSL has changed the way their scripts run a number of times. I've pretty mich given up trying to keep up. Instead, use the certificate generation tools in 2.0.0-pre2. They're simple and easy to use. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html