Re: [openssl-users] 1st time through, only -- "Can't open root/database.attr for reading, No such file or directory" ?

2017-06-04 Thread Jeffrey Walton
On Sun, Jun 4, 2017 at 8:57 PM, Jeffrey Walton  wrote:
> On Sun, Jun 4, 2017 at 7:56 PM, PGNet Dev  wrote:
>> On 6/4/17 4:51 PM, Jeffrey Walton wrote:

>>>> but the process STARTS with an apparently non-fatal error ...
>>>>
>>>>  Using configuration from /home/sec/newCA/openssl.cnf
>>>>  Can't open root/database.attr for reading, No such file or directory
>>>>  140013244086016:error:02001002:system library:fopen::crypto/bio/bss_file.c:74:fopen('root/database.attr','r')
>>>>  140013244086016:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:81:
>>>
>>>
>>> This usually indicates the OpenSSL conf file cannot be found. It's odd
>>> that "Using configuration from /home/sec/newCA/openssl.cnf" is
>>> reported.
>>>
>>> Maybe you can try `OPENSSL_CONF=/home/sec/newCA/openssl.cnf `
>>> to isolate the issue (or maybe rule out it's not a conf file problem).
>>
>>
>> The message above doesn't indicate that openssl.cnf can't be found.  In fact
>> it explicitly states that it IS found and IS using it
>>
>>>>  Using configuration from /home/sec/newCA/openssl.cnf
>>
>> It's the same openssl.cnf used in all the PRIOR steps, with no problem
>> whatsoever.
>>
>> Rather it's
>>
>>>>  Can't open root/database.attr for reading, No such file or directory
>>
>> that's not found.
>>
>> I've found that if I simply
>>
>> touch root/database.attr
>> touch intermediate/database.attr
>>
>> as already's been done with
>>
>> touch root/database
>> touch intermediate/database
>
> Oh, I was not aware you were skipping steps. I guess that explains the
> unusual results.

BTW, I believe you are also supposed to add an initial serial number.
Something like:

echo "0" > serialno.txt

Check your conf file for the filename.

(The information is somewhere in the docs. It may be in the
Certificates HOWTO or the CA HOWTO).

Jeff
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] 1st time through, only -- "Can't open root/database.attr for reading, No such file or directory" ?

2017-06-04 Thread Jeffrey Walton
On Sun, Jun 4, 2017 at 7:56 PM, PGNet Dev  wrote:
> On 6/4/17 4:51 PM, Jeffrey Walton wrote:
>>>
>>> but the process STARTS with an apparently non-fatal error ...
>>>
>>>  Using configuration from /home/sec/newCA/openssl.cnf
>>>  Can't open root/database.attr for reading, No such file or
>>> directory
>>>  140013244086016:error:02001002:system
>>> library:fopen::crypto/bio/bss_file.c:74:fopen('root/database.attr','r')
>>>  140013244086016:error:2006D080:BIO routines:BIO_new_file:no such
>>> file:crypto/bio/bss_file.c:81:
>>
>>
>> This usually indicates the OpenSSL conf file cannot be found. It's odd
>> that "Using configuration from /home/sec/newCA/openssl.cnf" is
>> reported.
>>
>> Maybe you can try `OPENSSL_CONF=/home/sec/newCA/openssl.cnf `
>> to isolate the issue (or maybe rule out it's not a conf file problem).
>
>
> The message above doesn't indicate that openssl.cnf can't be found.  In fact
> it explicitly states that it IS found and IS using it
>
>>>  Using configuration from /home/sec/newCA/openssl.cnf
>
> It's the same openssl.cnf used in all the PRIOR steps, with no problem
> whatsoever.
>
> Rather it's
>
>>>  Can't open root/database.attr for reading, No such file or
>>> directory
>
> that's not found.
>
> I've found that if I simply
>
> touch root/database.attr
> touch intermediate/database.attr
>
> as already's been done with
>
> touch root/database
> touch intermediate/database

Oh, I was not aware you were skipping steps. I guess that explains the
unusual results.

Jeff


Re: [openssl-users] 1st time through, only -- "Can't open root/database.attr for reading, No such file or directory" ?

2017-06-04 Thread PGNet Dev

On 6/4/17 4:51 PM, Jeffrey Walton wrote:

>> but the process STARTS with an apparently non-fatal error ...
>>
>>  Using configuration from /home/sec/newCA/openssl.cnf
>>  Can't open root/database.attr for reading, No such file or directory
>>  140013244086016:error:02001002:system library:fopen::crypto/bio/bss_file.c:74:fopen('root/database.attr','r')
>>  140013244086016:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:81:
>
> This usually indicates the OpenSSL conf file cannot be found. It's odd
> that "Using configuration from /home/sec/newCA/openssl.cnf" is
> reported.
>
> Maybe you can try `OPENSSL_CONF=/home/sec/newCA/openssl.cnf `
> to isolate the issue (or maybe rule out it's not a conf file problem).

The message above doesn't indicate that openssl.cnf can't be found.  In
fact it explicitly states that it IS found and IS using it

>>  Using configuration from /home/sec/newCA/openssl.cnf

It's the same openssl.cnf used in all the PRIOR steps, with no problem
whatsoever.

Rather it's

>>  Can't open root/database.attr for reading, No such file or directory

that's not found.

I've found that if I simply

touch root/database.attr
touch intermediate/database.attr

as already's been done with

touch root/database
touch intermediate/database



Re: [openssl-users] 1st time through, only -- "Can't open root/database.attr for reading, No such file or directory" ?

2017-06-04 Thread Jeffrey Walton
> but the process STARTS with an apparently non-fatal error ...
>
> Using configuration from /home/sec/newCA/openssl.cnf
> Can't open root/database.attr for reading, No such file or directory
> 140013244086016:error:02001002:system 
> library:fopen::crypto/bio/bss_file.c:74:fopen('root/database.attr','r')
> 140013244086016:error:2006D080:BIO routines:BIO_new_file:no such 
> file:crypto/bio/bss_file.c:81:

This usually indicates the OpenSSL conf file cannot be found. It's odd
that "Using configuration from /home/sec/newCA/openssl.cnf" is
reported.

Maybe you can try `OPENSSL_CONF=/home/sec/newCA/openssl.cnf `
to isolate the issue (or maybe rule out it's not a conf file problem).

Jeff


[openssl-users] 1st time through, only -- "Can't open root/database.attr for reading, No such file or directory" ?

2017-06-04 Thread PGNet Dev
I've a new, local CA for (primary) local, self-signed, elliptical cert issuance 
& use.

I've built/installed,

openssl version
OpenSSL 1.1.0f  25 May 2017

I've created a ROOT crt & key, & an INTERMEDIATE key & csr.

On exec of signing the INTERMEDIATE key with the ROOT.

openssl ca -batch \
 -notext \
 -extensions ext_intermediate \
 -config /home/sec/newCA/openssl.cnf \
 -name ca_root \
 -in  intermediate/csr/newCA.INTERMEDIATE.csr.pem \
 -out intermediate/certs/newCA.INTERMEDIATE.crt.pem

It appears to complete -- the cert's created

openssl x509 \
 -noout \
 -text \
 -in intermediate/certs/newCA.INTERMEDIATE.crt.pem

Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4096 (0x1000)
Signature Algorithm: ecdsa-with-SHA256
...

but the process STARTS with an apparently non-fatal error ...

Using configuration from /home/sec/newCA/openssl.cnf
Can't open root/database.attr for reading, No such file or directory
140013244086016:error:02001002:system library:fopen::crypto/bio/bss_file.c:74:fopen('root/database.attr','r')
140013244086016:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:81:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 4096 (0x1000)
Validity
Not Before: Jun  4 18:54:29 2017 GMT
Not After : Jun  2 18:54:29 2027 GMT
...
Write out database with 1 new entries
Data Base Updated

The only mention of

root/database

is in my openssl.conf

...
[ ca_root ]
dir   = root
certs = $dir/certs
crl_dir   = $dir/crl
new_certs_dir = $dir/newcerts
database  = $dir/database   <-
unique_subject= yes
...

PRIOR to creating the ROOT key, I

touch root/database
touch intermediate/database

AFTER the signing,

ls -al root/database*
-rw-r--r-- 1 root root 167 Jun  4 11:54 root/database
-rw-r--r-- 1 root root  21 Jun  4 11:54 root/database.attr
-rw-r--r-- 1 root root   0 Jun  4 11:51 root/database.old

and if I RE-exec the cmd,

openssl ca -batch \
...

there's no more error

Using configuration /home/sec/newCA/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
...

Checking

cat root/database.attr
unique_subject = yes

Which appears (?) to originate from the "[ ca_root ]" in my openssl.cnf

Do I need to touch, or manually populate, the 

root/database.attr

prior to first exec to init as well?

Or is this a bug?
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
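
Added example (not written by anyone in this thread, and not OpenSSL project code): a shell helper that reads one CA section of an openssl.cnf and pre-creates the database, database.attr and serial files before the first `openssl ca` run, covering both the `touch` workaround and the serial-number step discussed above. The sample config is constructed from the `[ ca_root ]` snippet in the original post; the `serial` line, the function names `cnf_get`, `init_ca_files` and `demo`, and the starting value 1000 are assumptions.

```shell
#!/bin/sh
# cnf_get FILE SECTION KEY: print KEY's value from [ SECTION ], expanding $dir.
cnf_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*\[/ {                        # section header such as "[ ca_root ]"
            s = $0; sub(/^[ \t]*\[[ \t]*/, "", s); sub(/[ \t]*\].*$/, "", s)
            in_sec = (s == sec); next
        }
        in_sec {
            line = $0; sub(/#.*/, "", line)   # drop comments
            n = index(line, "="); if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "dir") d = v
            i = index(v, "$dir")              # only the plain $dir form is handled
            if (i > 0) v = substr(v, 1, i - 1) d substr(v, i + 4)
            if (k == key) { print v; exit }
        }' "$1"
}

# init_ca_files FILE SECTION: create database, database.attr and serial if absent.
init_ca_files() {
    db=$(cnf_get "$1" "$2" database)
    [ -n "$db" ] || { echo "no database key in [ $2 ]" >&2; return 1; }
    mkdir -p "$(dirname "$db")"
    [ -e "$db" ] || : > "$db"                # empty index, as touch would leave it
    if [ ! -e "$db.attr" ]; then             # the file the first run could not open
        us=$(cnf_get "$1" "$2" unique_subject)
        echo "unique_subject = ${us:-yes}" > "$db.attr"
    fi
    serial=$(cnf_get "$1" "$2" serial)
    if [ -n "$serial" ] && [ ! -e "$serial" ]; then
        mkdir -p "$(dirname "$serial")"
        echo 1000 > "$serial"                # assumed start; the thread shows 0x1000
    fi
}

# Constructed sample modelled on the [ ca_root ] section quoted in the thread.
demo() {
    work=$(mktemp -d) && cd "$work" || return 1
    cat > openssl.cnf <<'EOF'
[ ca_root ]
dir            = root
database       = $dir/database
serial         = $dir/serial   # assumed key; not shown in the thread
unique_subject = yes
EOF
    init_ca_files openssl.cnf ca_root && ls root && cat root/database.attr
}
demo
```

Existing files are never overwritten, so the helper can be re-run against a CA that has already issued certificates without resetting its index or serial.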