Hi Steve. Well actually, nothing ! ... CA signing: private/server.csr -> private/server.crt: Using configuration from ca.config Enter PEM pass phrase: ... and so forth. But it doesn't tell me what are the configuration parameters. I tried this a few times, always the same error messages but it builds the requisite server.crt at the end. Is ca.config some file I am suposed t have, t is very hard to find anything in RedHat. TIA
[EMAIL PROTECTED] wrote: > > >> I had some, for me, un-decipherable error messages when trying to sign > >> my own certificate. > >> First I created my private key and certificate signing request : > >> [ssl]# openssl genrsa -des3 -out sever.key 1024 > >> [ssl]# openssl req -new -key server.key -out server.csr > >> Then I created my own certificate authority: > >> [ssl]# openssl genrsa -des3 -out ca.key 1024 > >> Next, I created a self-signed CA certificate with my rsa key: > >> [ssl]# openssl req -new -x509 -days 365 -key ca.key -out ca.crt > >> Finally, I attempted to sign the ca.crt > >> [ssl]# ./sign.sh private/server.csr > > These seem to be very much like the ones listed in the mod_ssl faq. > http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29 > > >> 2117:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block > >> type is not 01:rsa_pk1.c:100: > > Just out of curiosity, when sign.sh run the commands > > openssl ca -config ... > > what is the argument to -config? Is the CA_Authority section in that > configuration file referencing your CA? > > -- > Steve > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]