Problem creating signed certs
Hello, I am trying to create a signed client certificate, but when I execute the command openssl ca -in req.pem -out newcert.pem The newcert.pem file is created but it is created as an empty file. Here is what I see on the display: /openssl-engine-0.9.6g/apps openssl ca -in req.pem -out newcert.pem Using configuration from /usr/local/ssl/openssl.cnf Check that the request matches the signature Signature ok The Subjects Distinguished Name is as follows countryName :PRINTABLE:'US' stateOrProvinceName :PRINTABLE:'MA' localityName :PRINTABLE:'Arlington' organizationName :PRINTABLE:'Brandywine mills' organizationalUnitName:PRINTABLE:'Hobbiton' commonName:PRINTABLE:'Frodo' emailAddress :IA5STRING:'[EMAIL PROTECTED]' The countryName field needed to be the same in the CA certificate (AU) and the request (US) /openssl-engine-0.9.6g/apps ls -l newcert.pem -rw-r--r--1 root root0 Oct 29 22:29 newcert.pem Can anyone help me understand what I'm missing or doing incorrectly? == Mike Cerone, CISSP, CCNA Ad Astra! == __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Problem creating signed certs
Hi your should check openssl.cnf file find policy section and change your countryName = match to something like this supplied or optional depends on policy Anton -Original Message- From: MikeCC [mailto:mikecc;atrek.org] Sent: Wednesday, October 30, 2002 07:02 To: [EMAIL PROTECTED] Subject: Problem creating signed certs Hello, I am trying to create a signed client certificate, but when I execute the command openssl ca -in req.pem -out newcert.pem The newcert.pem file is created but it is created as an empty file. Here is what I see on the display: /openssl-engine-0.9.6g/apps openssl ca -in req.pem -out newcert.pem Using configuration from /usr/local/ssl/openssl.cnf Check that the request matches the signature Signature ok The Subjects Distinguished Name is as follows countryName :PRINTABLE:'US' stateOrProvinceName :PRINTABLE:'MA' localityName :PRINTABLE:'Arlington' organizationName :PRINTABLE:'Brandywine mills' organizationalUnitName:PRINTABLE:'Hobbiton' commonName:PRINTABLE:'Frodo' emailAddress :IA5STRING:'[EMAIL PROTECTED]' The countryName field needed to be the same in the CA certificate (AU) and the request (US) /openssl-engine-0.9.6g/apps ls -l newcert.pem -rw-r--r--1 root root0 Oct 29 22:29 newcert.pem Can anyone help me understand what I'm missing or doing incorrectly? == Mike Cerone, CISSP, CCNA Ad Astra! == __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problem creating signed certs
Mike... In the log you send shows: -The countryName field needed to be the same in the -CA certificate (AU) and the request (US) that's mean that you have in your configuration file (openssl.cnf) a sentence that don't let that the CA authority be from another country that the country of the client. That's why your certificate is left in blank... Regards, Adriano El mié, 30-10-2002 a las 01:01, MikeCC escribió: Hello, I am trying to create a signed client certificate, but when I execute the command openssl ca -in req.pem -out newcert.pem The newcert.pem file is created but it is created as an empty file. Here is what I see on the display: /openssl-engine-0.9.6g/apps openssl ca -in req.pem -out newcert.pem Using configuration from /usr/local/ssl/openssl.cnf Check that the request matches the signature Signature ok The Subjects Distinguished Name is as follows countryName :PRINTABLE:'US' stateOrProvinceName :PRINTABLE:'MA' localityName :PRINTABLE:'Arlington' organizationName :PRINTABLE:'Brandywine mills' organizationalUnitName:PRINTABLE:'Hobbiton' commonName:PRINTABLE:'Frodo' emailAddress :IA5STRING:'[EMAIL PROTECTED]' The countryName field needed to be the same in the CA certificate (AU) and the request (US) /openssl-engine-0.9.6g/apps ls -l newcert.pem -rw-r--r--1 root root0 Oct 29 22:29 newcert.pem Can anyone help me understand what I'm missing or doing incorrectly? == Mike Cerone, CISSP, CCNA Ad Astra! == __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]