from:"Dan O'Brien"

Re: Issues creating Certificate Authority

2004-12-02 Thread Dan O'Brien

OK, installed 0.9.7e and the openssl.cnf file to the right location.
Was then able to create the certificate authority.
However, the next step, creating the SSL key for apache, met with the
following error:
[EMAIL PROTECTED]:/etc/ssl# openssl req -new -config ./openssl.cnf -nodes 
-out
./apache-req.pem -keyout ./apache-key.pem
Using configuration from ./openssl.cnf
error on line 1074095624 of ./openssl.cnf
297:error:02001002:system library:fopen:No such file or
directory:bss_file.c:104:fopen('./openssl.cnf','rb')
297:error:2006D002:BIO routines:BIO_new_file:system 
lib:bss_file.c:106:
297:error:0E064002:configuration file routines:CONF_load:system
lib:conf_lib.c:91:

Ideas?
It can't find ./openssl.cnf?
I suggest you dump all these cookbook recipes and stick to something 
like:

CA.pl -newca
(this creates root CA)
CA.pl -newreq
(creates a certificate request)
CA.pl -sign
(signs request).
After running those the private key is in newreq.pem, the certificate 
in
newcert.pem and the CA certificate in demoCA/cacert.pem and you can 
copy them
to wherever is appropriate.

Steve.
OK, thanks. However, I'm clueless about how to execute the above 
commands. "CA.pl" is an unknown command to my system, and openssl req 
doesn't list it as an option.

What specifically am I missing about your suggestion?
- Dan O'Brien
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Issues creating Certificate Authority

2004-12-01 Thread Dan O'Brien

On Nov 23, 2004, at 1:59 PM, Charles B Cranston wrote:
It's possible from what you describe that it was a
hanging alias, that is, a symbolic link pointing to
a file that does not actually exist.  This looks like
a file initially but gets a "file does not exist"
when you try to actually use it...
Dan O'Brien wrote:
On Nov 22, 2004, at 1:41 PM, Dr. Stephen Henson wrote:
On Mon, Nov 22, 2004, Dan O'Brien wrote:
Searched for openssl.cnf and it is on the system:
[EMAIL PROTECTED]:/etc/ssl# locate openssl.cnf
/usr/lib/ssl/openssl.cnf
Is this a clue to the problem?
Might be :-) Depends what's in that file. Does it contain a line 
with:

[distinguished_name]
on it? Does it have world read permissions? What happens if you 
include the
command line switch: -config /usr/lib/ssl/openssl.cnf to the req 
command that
was failing before?


Progress! It appears that although "locate" indicated the presence of 
the openssl.cnf file... (as in:
[EMAIL PROTECTED]:~$ locate openssl.cnf
/usr/lib/ssl/openssl.cnf)
...when I vi'd it as root, the file was blank, and vi indicated that 
it was making a new file.
Adding the -config /usr/lib/ssl/openssl.cnf switch yielded this:
[EMAIL PROTECTED]:~# openssl req -new -x509 -keyout private/cakey.pem -out 
cacert.pem -days 7000 -config /usr/lib/ssl/openssl.cnf
Using configuration from /usr/lib/ssl/openssl.cnf
error on line 1074095624 of /usr/lib/ssl/openssl.cnf
1708:error:02001002:system library:fopen:No such file or 
directory:bss_file.c:104:fopen('/usr/lib/ssl/openssl.cnf','rb')
1708:error:2006D002:BIO routines:BIO_new_file:system 
lib:bss_file.c:106:
1708:error:0E064002:configuration file routines:CONF_load:system 
lib:conf_lib.c:91:
Changing directories and listing showed this:
[EMAIL PROTECTED]:/usr/lib/ssl# ls
certs  lib  misc  openssl.cnf  private
...wherein openssl.cnf was displayed in red text set against a black 
selection rectangle -- what does this indicate?
In any case, all signs pointed to a malfunctioning file, so I rm'd 
it. You previously suggested that I unpack one from another 
installation. Unless you have a better idea, I believe the next move 
will be to try to install 0.9.7e.
- Dan O'Brien


OK, installed 0.9.7e and the openssl.cnf file to the right location. 
Was then able to create the certificate authority.

However, the next step, creating the SSL key for apache, met with the 
following error:

[EMAIL PROTECTED]:/etc/ssl# openssl req -new -config ./openssl.cnf -nodes -out 
./apache-req.pem -keyout ./apache-key.pem
Using configuration from ./openssl.cnf
error on line 1074095624 of ./openssl.cnf
297:error:02001002:system library:fopen:No such file or 
directory:bss_file.c:104:fopen('./openssl.cnf','rb')
297:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:106:
297:error:0E064002:configuration file routines:CONF_load:system 
lib:conf_lib.c:91:

Ideas?
- Dan O'Brien
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Issues creating Certificate Authority

2004-11-23 Thread Dan O'Brien

On Nov 22, 2004, at 1:41 PM, Dr. Stephen Henson wrote:
On Mon, Nov 22, 2004, Dan O'Brien wrote:
Searched for openssl.cnf and it is on the system:
[EMAIL PROTECTED]:/etc/ssl# locate openssl.cnf
/usr/lib/ssl/openssl.cnf
Is this a clue to the problem?
Might be :-) Depends what's in that file. Does it contain a line with:
[distinguished_name]
on it? Does it have world read permissions? What happens if you 
include the
command line switch: -config /usr/lib/ssl/openssl.cnf to the req 
command that
was failing before?


Progress! It appears that although "locate" indicated the presence of 
the openssl.cnf file... (as in:

[EMAIL PROTECTED]:~$ locate openssl.cnf
/usr/lib/ssl/openssl.cnf)
...when I vi'd it as root, the file was blank, and vi indicated that it 
was making a new file.

Adding the -config /usr/lib/ssl/openssl.cnf switch yielded this:
[EMAIL PROTECTED]:~# openssl req -new -x509 -keyout private/cakey.pem -out 
cacert.pem -days 7000 -config /usr/lib/ssl/openssl.cnf
Using configuration from /usr/lib/ssl/openssl.cnf
error on line 1074095624 of /usr/lib/ssl/openssl.cnf
1708:error:02001002:system library:fopen:No such file or 
directory:bss_file.c:104:fopen('/usr/lib/ssl/openssl.cnf','rb')
1708:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:106:
1708:error:0E064002:configuration file routines:CONF_load:system 
lib:conf_lib.c:91:

Changing directories and listing showed this:
[EMAIL PROTECTED]:/usr/lib/ssl# ls
certs  lib  misc  openssl.cnf  private
...wherein openssl.cnf was displayed in red text set against a black 
selection rectangle -- what does this indicate?

In any case, all signs pointed to a malfunctioning file, so I rm'd it. 
You previously suggested that I unpack one from another installation. 
Unless you have a better idea, I believe the next move will be to try 
to install 0.9.7e.

- Dan O'Brien
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Issues creating Certificate Authority

2004-11-22 Thread Dan O'Brien

On Nov 18, 2004, at 1:27 PM, Dr. Stephen Henson wrote:
On Thu, Nov 18, 2004, Dan O'Brien wrote:

It's old, but it's the latest in "Debian Stable:"
[EMAIL PROTECTED]:~# openssl version -a
OpenSSL 0.9.6c 21 dec 2001
built on: Wed Mar  3 19:09:47 UTC 2004
platform: debian-i386
options:  bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long)
blowfish(idx)
compiler: gcc -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
-DNO_IDEA -DNO_MDC2 -DNO_RC5 -DL_ENDIAN -DTERMIO -O3
-fomit-frame-pointer -Wall
I'd advise you to use a newer version that's ancient and has a number 
of
problems.

Failing that look for a file called 'openssl.cnf' on your system. It 
could be
in /usr/local/ssl/openssl.cnf but if they've used different compilation
options it may be elswhere. If its not on your system at all that's the
problem. If it isn't present then download OpenSSL and extract 
openssl.cnf
from there.

Steve.
Searched for openssl.cnf and it is on the system:
[EMAIL PROTECTED]:/etc/ssl# locate openssl.cnf
/usr/lib/ssl/openssl.cnf
Is this a clue to the problem?
We're running openssl as part of the Debian apache-ssl package. 
Successfully removed openssl 0.9.6 using the standard apt-get remove 
Debian tool, but unexpectedly uninstalled apache as well. Will an 
installation of openssl 0.9.7e overwrite the existing version? How do 
we install the new version of openssl without disrupting apache?

Optionally, should we skip the apt-get, uninstall everything, and 
re-install manually?

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Issues creating Certificate Authority

2004-11-18 Thread Dan O'Brien

On Nov 18, 2004, at 12:58 PM, Dr. Stephen Henson wrote:
On Thu, Nov 18, 2004, Dan O'Brien wrote:
On Nov 18, 2004, at 11:48 AM, Dr. Stephen Henson wrote:
On Thu, Nov 18, 2004, Dan O'Brien wrote:
On Nov 17, 2004, at 7:49 PM, Dr. Stephen Henson wrote:
On Wed, Nov 17, 2004, Dan O'Brien wrote:

Hi Steve, thanks for the response. We did not get this error (or 
if
we
have, we haven't seen it):

  Using configuration from /some/path/openssl.cnf
  Unable to load config info
But we did get this error upon attempting to make a CA:
  unable to find 'distinguished_name' in config
  problems making Certificate Request
OK, try repeating the command with the -verbose command line 
option.
It should
then tell you where its getting its configuration from.

Check if the file exists is readable or is obviously broken. If it
contains no
line with this in it:
[distinguished_name]
then that counts as broken :-)

OK -- the "-v" option is unknown to the "req" command, as in:
[EMAIL PROTECTED]:~# openssl req -v -new -x509 -keyout private/cakey.pem 
-out
cacert.pem -days 7000
I said use the -verbose option not -v as in:
openssl req -verbose -new -x509 -keyout private/cakey.pem -out
cacert.pem
-days 7000
Steve.
We did attempt that previously, with the same result (sorry we didn't
post this earlier):
[EMAIL PROTECTED]:~# openssl req -verbose -new -x509 -keyout 
private/cakey.pem
-out cacert.pem -days 7000
unknown option -verbose
req [options] outfile
where options  are
 -inform arginput format - DER or PEM
 -outform arg   output format - DER or PEM
 -in arginput file
 -out arg   output file
 -text  text form of request
 -noout do not output REQ
 -verifyverify signature on REQ
 -modulus   RSA modulus
 -nodes don't encrypt the output key
 -key file  use the private key contained in file
 -keyform arg   key file format
 -keyout argfile to send the key to
 -rand file:file:...
load the file (or the files in the directory) into
the random number generator
 -newkey rsa:bits generate a new RSA key of 'bits' in size
 -newkey dsa:file generate a new DSA key, parameters taken from CA in
'file'
 -[digest]  Digest to sign with (md5, sha1, md2, mdc2, md4)
 -config file   request template file.
 -new   new request.
 -x509  output a x509 structure instead of a cert. req.
 -days  number of days a x509 generated by -x509 is valid for.
 -newhdroutput "NEW" in the header lines
 -asn1-kludge   Output the 'request' in a format that is wrong but 
some
CA's
have been reported as requiring
 -extensions .. specify certificate extension section (override value
in config file)
 -reqexts ..specify request extension section (override value in
config file)

What version of OpenSSL are you using (openssl version -a)?
Steve.
It's old, but it's the latest in "Debian Stable:"
[EMAIL PROTECTED]:~# openssl version -a
OpenSSL 0.9.6c 21 dec 2001
built on: Wed Mar  3 19:09:47 UTC 2004
platform: debian-i386
options:  bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) 
blowfish(idx)
compiler: gcc -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H 
-DNO_IDEA -DNO_MDC2 -DNO_RC5 -DL_ENDIAN -DTERMIO -O3 
-fomit-frame-pointer -Wall

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Issues creating Certificate Authority

2004-11-18 Thread Dan O'Brien

On Nov 18, 2004, at 11:48 AM, Dr. Stephen Henson wrote:
On Thu, Nov 18, 2004, Dan O'Brien wrote:
On Nov 17, 2004, at 7:49 PM, Dr. Stephen Henson wrote:
On Wed, Nov 17, 2004, Dan O'Brien wrote:

Hi Steve, thanks for the response. We did not get this error (or if 
we
have, we haven't seen it):

   Using configuration from /some/path/openssl.cnf
   Unable to load config info
But we did get this error upon attempting to make a CA:
   unable to find 'distinguished_name' in config
   problems making Certificate Request
OK, try repeating the command with the -verbose command line option.
It should
then tell you where its getting its configuration from.
Check if the file exists is readable or is obviously broken. If it
contains no
line with this in it:
[distinguished_name]
then that counts as broken :-)

OK -- the "-v" option is unknown to the "req" command, as in:
[EMAIL PROTECTED]:~# openssl req -v -new -x509 -keyout private/cakey.pem -out
cacert.pem -days 7000
I said use the -verbose option not -v as in:
openssl req -verbose -new -x509 -keyout private/cakey.pem -out 
cacert.pem
	-days 7000

Steve.
We did attempt that previously, with the same result (sorry we didn't 
post this earlier):

[EMAIL PROTECTED]:~# openssl req -verbose -new -x509 -keyout private/cakey.pem 
-out cacert.pem -days 7000
unknown option -verbose
req [options] outfile
where options  are
 -inform arginput format - DER or PEM
 -outform arg   output format - DER or PEM
 -in arginput file
 -out arg   output file
 -text  text form of request
 -noout do not output REQ
 -verifyverify signature on REQ
 -modulus   RSA modulus
 -nodes don't encrypt the output key
 -key file  use the private key contained in file
 -keyform arg   key file format
 -keyout argfile to send the key to
 -rand file:file:...
load the file (or the files in the directory) into
the random number generator
 -newkey rsa:bits generate a new RSA key of 'bits' in size
 -newkey dsa:file generate a new DSA key, parameters taken from CA in 
'file'
 -[digest]  Digest to sign with (md5, sha1, md2, mdc2, md4)
 -config file   request template file.
 -new   new request.
 -x509  output a x509 structure instead of a cert. req.
 -days  number of days a x509 generated by -x509 is valid for.
 -newhdroutput "NEW" in the header lines
 -asn1-kludge   Output the 'request' in a format that is wrong but some 
CA's
have been reported as requiring
 -extensions .. specify certificate extension section (override value 
in config file)
 -reqexts ..specify request extension section (override value in 
config file)

- Dan O'Brien
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Issues creating Certificate Authority

2004-11-18 Thread Dan O'Brien

On Nov 17, 2004, at 7:49 PM, Dr. Stephen Henson wrote:
On Wed, Nov 17, 2004, Dan O'Brien wrote:

Hi Steve, thanks for the response. We did not get this error (or if we
have, we haven't seen it):
Using configuration from /some/path/openssl.cnf
Unable to load config info
But we did get this error upon attempting to make a CA:
unable to find 'distinguished_name' in config
problems making Certificate Request
OK, try repeating the command with the -verbose command line option. 
It should
then tell you where its getting its configuration from.

Check if the file exists is readable or is obviously broken. If it 
contains no
line with this in it:

[distinguished_name]
then that counts as broken :-)

OK -- the "-v" option is unknown to the "req" command, as in:
[EMAIL PROTECTED]:~# openssl req -v -new -x509 -keyout private/cakey.pem -out 
cacert.pem -days 7000
unknown option -v
req [options] outfile
where options  are
 -inform arginput format - DER or PEM
 -outform arg   output format - DER or PEM
 -in arginput file
 -out arg   output file
 -text  text form of request
 -noout do not output REQ
 -verifyverify signature on REQ
 -modulus   RSA modulus
 -nodes don't encrypt the output key
 -key file  use the private key contained in file
 -keyform arg   key file format
 -keyout argfile to send the key to
 -rand file:file:...
load the file (or the files in the directory) into
the random number generator
 -newkey rsa:bits generate a new RSA key of 'bits' in size
 -newkey dsa:file generate a new DSA key, parameters taken from CA in 
'file'
 -[digest]  Digest to sign with (md5, sha1, md2, mdc2, md4)
 -config file   request template file.
 -new   new request.
 -x509  output a x509 structure instead of a cert. req.
 -days  number of days a x509 generated by -x509 is valid for.
 -newhdroutput "NEW" in the header lines
 -asn1-kludge   Output the 'request' in a format that is wrong but some 
CA's
have been reported as requiring
 -extensions .. specify certificate extension section (override value 
in config file)
 -reqexts ..specify request extension section (override value in 
config file)

What are we missing here?
- Dan O'Brien
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Issues creating Certificate Authority

2004-11-17 Thread Dan O'Brien

On Nov 17, 2004, at 1:01 PM, Dr. Stephen Henson wrote:
On Wed, Nov 17, 2004, Dan O'Brien wrote:
Hi,
We're trying to generate a Certificate Authority on our
Debian/Apachessl server. Here's the command we're entering:
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days
7000
The above command kicks back the following error:
unable to find 'distinguished_name' in config
problems making Certificate Request
290:error:0E06D06A:configuration file routines:NCONF_get_string:no 
conf
or environment variable:conf_lib.c:343:

We checked the openssl FAQ and discovered this:
+
DIAGNOSTICS
The following messages are frequently asked about:
Using configuration from /some/path/openssl.cnf
Unable to load config info
 This is followed some time later by...
unable to find 'distinguished_name' in config
problems making Certificate Request
 The first error message is the clue: it can't find the configuration
file! Certain operations (like examining a certificate request) don't
need a configuration file so its use isn't enforced. Generation of
certificates or requests however does need a configuration file. This
could be regarded as a bug.
 Another puzzling message is this:
Attributes:
a0:00
 this is displayed when no attributes are present and the request
includes the correct empty SET OF structure (the DER encoding of which
is 0xa0 0x00). If you just see:
Attributes:
 then the SET OF is missing and the encoding is technically invalid
(but it is tolerated). See the description of the command line option
-asn1-kludge for more information.
+
We then followed the lead to this info about -asn1-kludge:
The lead isn't asn1-kludge, that's something entirely different.
The hint is the bit where it talks about being unable to find the
configuration file.
Do you get an error about being unable to find the configuration file 
before
the one you mentioned?

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Hi Steve, thanks for the response. We did not get this error (or if we 
have, we haven't seen it):

Using configuration from /some/path/openssl.cnf
Unable to load config info
But we did get this error upon attempting to make a CA:
unable to find 'distinguished_name' in config
problems making Certificate Request
- Dan O'Brien
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Issues creating Certificate Authority

2004-11-17 Thread Dan O'Brien

Hi,
We're trying to generate a Certificate Authority on our 
Debian/Apachessl server. Here's the command we're entering:

openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 
7000

The above command kicks back the following error:
unable to find 'distinguished_name' in config
problems making Certificate Request
290:error:0E06D06A:configuration file routines:NCONF_get_string:no conf 
or environment variable:conf_lib.c:343:

We checked the openssl FAQ and discovered this:
+
DIAGNOSTICS
The following messages are frequently asked about:
Using configuration from /some/path/openssl.cnf
Unable to load config info
 This is followed some time later by...
unable to find 'distinguished_name' in config
problems making Certificate Request
 The first error message is the clue: it can't find the configuration 
file! Certain operations (like examining a certificate request) don't 
need a configuration file so its use isn't enforced. Generation of 
certificates or requests however does need a configuration file. This 
could be regarded as a bug.

 Another puzzling message is this:
Attributes:
a0:00
 this is displayed when no attributes are present and the request 
includes the correct empty SET OF structure (the DER encoding of which 
is 0xa0 0x00). If you just see:
Attributes:

 then the SET OF is missing and the encoding is technically invalid 
(but it is tolerated). See the description of the command line option 
-asn1-kludge for more information.
+

We then followed the lead to this info about -asn1-kludge:
+
asn1-kludge
by default the req command outputs certificate requests containing no 
attributes in the correct PKCS#10 format. However certain CAs will only 
accept requests containing no attributes in an invalid form: this 
option produces this invalid format.

 More precisely the Attributes in a PKCS#10 certificate request are 
defined as a SET OF Attribute. They are not OPTIONAL so if no 
attributes are present then they should be encoded as an empty SET OF. 
The invalid form does not include the empty SET OF whereas the correct 
form does.

 It should be noted that very few CAs still require the use of this 
option.
+

We then attempted to add the -asn1-kludge command to our req line in 
the following manner:

[EMAIL PROTECTED]:/etc/ssl# openssl req -asn1-kludge -new -x509 -keyout 
private/cakey.pem -out cacert.pem -days 7000

And we received the same result as before:
unable to find 'distinguished_name' in config
problems making Certificate Request
302:error:0E06D06A:configuration file routines:NCONF_get_string:no conf 
or environment variable:conf_lib.c:343:

Any ideas?
TIA,
Dan O'Brien
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: CSR generation not happy

2004-10-26 Thread Dan O'Brien

Hi Tyler, thanks for the response. We're trying to generate a 
certificate request so that we can get a new certificate.

Any ideas?
On Oct 26, 2004, at 7:04 AM, Tyler Durden wrote:
Sorry, I know a lot, but what do you want to get?, A certificate or a
certificate request, because that I think that this command (openssl
req) genrates a certificate request.
On Fri, 22 Oct 2004 11:53:44 -0400, Dan O'Brien 
<[EMAIL PROTECTED]> wrote:
Hi,
We're having some trouble generating a public.csr, so that we can
install an SSL Certificate on our web server. Verisign has no
suggestions. We've googled the error below with no results. Anyone 
have
any ideas?

Here's the command and the error result:
[EMAIL PROTECTED]:/usr/lib/ssl/certs# openssl req -new -nodes -keyout
private.key -out public.csr
Using configuration from /usr/lib/ssl/openssl.cnf
Unable to load config info
Generating a 512 bit RSA private key
...
..
writing new private key to 'private.key'
-
unable to find 'distinguished_name' in config
problems making Certificate Request
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no
conf or environment variable:conf_lib.c:343:
TIA for any assistance,
Dan O'Brien
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

CSR generation not happy

2004-10-22 Thread Dan O'Brien

Hi,
We're having some trouble generating a public.csr, so that we can 
install an SSL Certificate on our web server. Verisign has no 
suggestions. We've googled the error below with no results. Anyone have 
any ideas?

Here's the command and the error result:
[EMAIL PROTECTED]:/usr/lib/ssl/certs# openssl req -new -nodes -keyout 
private.key -out public.csr
Using configuration from /usr/lib/ssl/openssl.cnf
Unable to load config info
Generating a 512 bit RSA private key
...
..
writing new private key to 'private.key'
-
unable to find 'distinguished_name' in config
problems making Certificate Request
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no 
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no 
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no 
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no 
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no 
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no 
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no 
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no 
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no 
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no 
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no 
conf or environment variable:conf_lib.c:343:
5012:error:0E06D06A:configuration file routines:NCONF_get_string:no 
conf or environment variable:conf_lib.c:343:

TIA for any assistance,
Dan O'Brien
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Issues creating Certificate Authority

Re: Issues creating Certificate Authority

Re: Issues creating Certificate Authority

Re: Issues creating Certificate Authority

Re: Issues creating Certificate Authority

Re: Issues creating Certificate Authority

Re: Issues creating Certificate Authority

Re: Issues creating Certificate Authority

Issues creating Certificate Authority

Re: CSR generation not happy

CSR generation not happy

11 matches

Site Navigation

Mail list logo

Footer information