Alan DeKok wrote:
> Benjamin Scherb <[EMAIL PROTECTED]> wrote:
>> In one of the sections of the howto there is a description of how to set up a short C program to generate a random file. But I do not understand how I should generate this file.
>
> In the CVS snapshots, you can run the program in scripts/CA.certs, and it will do all of this for you.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.ht

If I start the CA.all script and enter the needed information, I get some error messages about missing files. I use Gentoo Linux with the newest portage. Also I run openssl 0.9.7d of 17th Mar 2004.

Here are the error messages:

##########################################
+ openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.p12 -cacerts -passin pass:whatever -passout pass:whatever
Error opening input file demoCA/cacert.pem
demoCA/cacert.pem: No such file or directory
+ openssl pkcs12 -in root.p12 -out root.pem -passin pass:whatever -passout pass:whatever
Error opening input file root.p12
root.p12: No such file or directory
+ openssl x509 -inform PEM -outform DER -in root.pem -out root.der
Error opening Certificate root.pem
32582:error:02001002:system library:fopen:No such file or directory:bss_file.c:276:fopen('root.pem','r')
32582:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:
unable to load certificate
##########################################

Attached you will find the full output of CA.all that runs on my system.

Does anyone have an idea how to solve the issue with fopen?

Best Regards
Benjamin

bash-2.05b$ ./CA.all
+ SSL=/usr/local/ssl
+ export PATH=/usr/local/ssl/bin/:/usr/local/ssl/ssl/misc:/usr/kde/3.2/bin:/bin:/usr/bin:/usr/local/bin:/opt/bin:/usr/i486-pc-linux-gnu/gcc-bin/3.3:/usr/X11R6/bin:/opt/blackdown-jdk-1.4.1/bin:/opt/blackdown-jdk-1.4.1/jre/bin:/usr/qt/3/bin:/usr/kde/3.2/bin:/usr/kde/3.1/bin:/usr/games/bin
+ PATH=/usr/local/ssl/bin/:/usr/local/ssl/ssl/misc:/usr/kde/3.2/bin:/bin:/usr/bin:/usr/local/bin:/opt/bin:/usr/i486-pc-linux-gnu/gcc-bin/3.3:/usr/X11R6/bin:/opt/blackdown-jdk-1.4.1/bin:/opt/blackdown-jdk-1.4.1/jre/bin:/usr/qt/3/bin:/usr/kde/3.2/bin:/usr/kde/3.1/bin:/usr/games/bin
+ export LD_LIBRARY_PATH=/usr/local/ssl/lib
+ LD_LIBRARY_PATH=/usr/local/ssl/lib
+ rm -rf demoCA 'roo*' certs.sh '*.pem' '*.der'
+ echo -e ''
+ echo -e '\t\t##################'
##################
+ echo -e '\t\tcreate private key'
create private key
+ echo -e '\t\tname : name-root'
name : name-root
+ echo -e '\t\tCA.pl -newcert'
CA.pl -newcert
+ echo -e '\t\t##################\n'
##################
+ openssl req -new -x509 -keyout newreq.pem -out newreq.pem -days 730 -passin pass:whatever -passout pass:whatever
Generating a 1024 bit RSA private key
...............++++++
.................++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Some-State]:state
Locality Name (eg, city) []:city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:company
Organizational Unit Name (eg, section) []:section
Common Name (eg, YOUR name) []:name
Email Address []:[EMAIL PROTECTED]
+ echo -e ''
+ echo -e '\t\t##################'
##################
+ echo -e '\t\tcreate CA'
create CA
+ echo -e '\t\tuse just created '\''newreq.pem'\'' private key as filename'
use just created 'newreq.pem' private key as filename
+ echo -e '\t\tCA.pl -newca'
CA.pl -newca
+ echo -e '\t\t##################\n'
##################
+ echo newreq.pem
+ /usr/local/ssl/misc/CA.pl -newca
./CA.all: line 32: /usr/local/ssl/misc/CA.pl: No such file or directory
+ echo -e ''
+ echo -e '\t\t##################'
##################
+ echo -e '\t\texporting ROOT CA'
exporting ROOT CA
+ echo -e '\t\tCA.pl -newreq'
CA.pl -newreq
+ echo -e '\t\tCA.pl -signreq'
CA.pl -signreq
+ echo -e '\t\topenssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.pem'
openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.pem
+ echo -e '\t\topenssl pkcs12 -in root.cer -out root.pem'
openssl pkcs12 -in root.cer -out root.pem
+ echo -e '\t\t##################\n'
##################
+ openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.p12 -cacerts -passin pass:whatever -passout pass:whatever
Error opening input file demoCA/cacert.pem
demoCA/cacert.pem: No such file or directory
+ openssl pkcs12 -in root.p12 -out root.pem -passin pass:whatever -passout pass:whatever
Error opening input file root.p12
root.p12: No such file or directory
+ openssl x509 -inform PEM -outform DER -in root.pem -out root.der
Error opening Certificate root.pem
32262:error:02001002:system library:fopen:No such file or directory:bss_file.c:276:fopen('root.pem','r')
32262:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:
unable to load certificate
+ echo -e ''
+ echo -e '\t\t##################'
##################
+ echo -e '\t\tcreating client certificate'
creating client certificate
+ echo -e '\t\tname : name-clt'
name : name-clt
+ echo -e '\t\tclient certificate stored as cert-clt.pem'
client certificate stored as cert-clt.pem
+ echo -e '\t\tCA.pl -newreq'
CA.pl -newreq
+ echo -e '\t\tCA.pl -signreq'
CA.pl -signreq
+ echo -e '\t\t##################\n'
##################
+ openssl req -new -keyout newreq.pem -out newreq.pem -days 730 -passin pass:whatever -passout pass:whatever
Generating a 1024 bit RSA private key
.........++++++
.....++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Some-State]:state
Locality Name (eg, city) []:city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:company
Organizational Unit Name (eg, section) []:section
Common Name (eg, YOUR name) []:name
Email Address []:[EMAIL PROTECTED]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:test
An optional company name []:company
+ openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpclient_ext -extfile xpextensions -infiles newreq.pem
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
32279:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_default name=unique_subject
32279:error:02001002:system library:fopen:No such file or directory:bss_file.c:276:fopen('./demoCA/private/cakey.pem','r')
32279:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:
unable to load CA private key
./CA.all: line 59: 32279 Segmentation fault openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpclient_ext -extfile xpextensions -infiles newreq.pem
+ openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-clt.p12 -clcerts -passin pass:whatever -passout pass:whatever
Error opening input file newcert.pem
newcert.pem: No such file or directory
+ openssl pkcs12 -in cert-clt.p12 -out cert-clt.pem -passin pass:whatever -passout pass:whatever
Error opening input file cert-clt.p12
cert-clt.p12: No such file or directory
+ openssl x509 -inform PEM -outform DER -in cert-clt.pem -out cert-clt.der
Error opening Certificate cert-clt.pem
32282:error:02001002:system library:fopen:No such file or directory:bss_file.c:276:fopen('cert-clt.pem','r')
32282:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:
unable to load certificate
+ echo -e ''
+ echo -e '\t\t##################'
##################
+ echo -e '\t\tcreating server certificate'
creating server certificate
+ echo -e '\t\tname : name-srv'
name : name-srv
+ echo -e '\t\tserver certificate stored as cert-srv.pem'
server certificate stored as cert-srv.pem
+ echo -e '\t\tCA.pl -newreq'
CA.pl -newreq
+ echo -e '\t\tCA.pl -signreq'
CA.pl -signreq
+ echo -e '\t\t##################\n'
##################
+ openssl req -new -keyout newreq.pem -out newreq.pem -days 730 -passin pass:whatever -passout pass:whatever
Generating a 1024 bit RSA private key
........................++++++
.++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Some-State]:state
Locality Name (eg, city) []:city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:company
Organizational Unit Name (eg, section) []:section
Common Name (eg, YOUR name) []:name
Email Address []:[EMAIL PROTECTED]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:test
An optional company name []:company
+ openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpserver_ext -extfile xpextensions -infiles newreq.pem
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
32296:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_default name=unique_subject
32296:error:02001002:system library:fopen:No such file or directory:bss_file.c:276:fopen('./demoCA/private/cakey.pem','r')
32296:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:
unable to load CA private key
./CA.all: line 75: 32296 Segmentation fault openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpserver_ext -extfile xpextensions -infiles newreq.pem
+ openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-srv.p12 -clcerts -passin pass:whatever -passout pass:whatever
Error opening input file newcert.pem
newcert.pem: No such file or directory
+ openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem -passin pass:whatever -passout pass:whatever
Error opening input file cert-srv.p12
cert-srv.p12: No such file or directory
+ openssl x509 -inform PEM -outform DER -in cert-srv.pem -out cert-srv.der
Error opening Certificate cert-srv.pem
32299:error:02001002:system library:fopen:No such file or directory:bss_file.c:276:fopen('cert-srv.pem','r')
32299:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:
unable to load certificate
+ echo -e '\n\t\t##################\n'
##################
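
Added example, not part of the original post or of the FreeRADIUS scripts: in a `sh -x` trace of a script that keeps running after a step fails, the earliest error is the one to look at, because later steps fail on files that step never produced. The helper below pulls the first failing step out of such a trace and counts the error lines after it; the function names, the error patterns and the shortened sample trace (lines copied from the attached output) are choices made for this example.

```shell
#!/bin/sh
# Added example: triage a `sh -x` trace by locating the first failing step.

# Reads a trace on stdin. Prints the last traced command before the first
# error line, that error line, and how many error lines follow it.
# Returns 1 when the trace contains no error line.
first_failure() {
    awk '
        # xtrace lines start with "+ "; remember the most recent command
        /^[+] / { cmd = $0; next }
        # heuristic error patterns (an assumption of this example)
        /No such file or directory|^Error opening|:error:|Segmentation fault/ {
            if (n == 0) { first_cmd = cmd; first_err = $0 }
            n++
        }
        END {
            if (n == 0) exit 1
            print "command: " first_cmd
            print "error: " first_err
            print "later errors: " (n - 1)
        }
    '
}

# Constructed sample: a shortened excerpt of the CA.all trace in this post.
sample_trace() {
    cat <<'EOF'
+ echo newreq.pem
+ /usr/local/ssl/misc/CA.pl -newca
./CA.all: line 32: /usr/local/ssl/misc/CA.pl: No such file or directory
+ openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.p12 -cacerts -passin pass:whatever -passout pass:whatever
Error opening input file demoCA/cacert.pem
demoCA/cacert.pem: No such file or directory
EOF
}

sample_trace | first_failure
```

To triage a full run, capture it with `sh -x ./CA.all 2>&1 | first_failure`; adding `set -e` near the top of such a script stops it at the first failed step instead of continuing with missing inputs.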