Here's a recipe for generating a CA directory for testing. It assumes you have already generated a CA key and cert.

touch "$CA_DIR/index.txt"
echo '1000' > "$CA_DIR/serial"
echo '1000' > "$CA_DIR/crlnumber"
mkdir -m 700 "$CA_DIR/newcerts"
mkdir -m 700 "$CA_DIR/private"
mkdir "$CA_DIR/certs"
cp "$CA_KEY" "$CA_DIR/private/ca_key.pem"
chmod 600 "$CA_DIR/private/ca_key.pem"
cp "$CA_CERT" "$CA_DIR/certs/ca_cert.pem"

Those paths need to correspond to those set in the "[ CA_default ]" section of the openssl.cnf file. E.g.

[ ca ]
default_ca = CA_default # The default ca section

####################################################################
[ CA_default ]

dir = somedir/ca_dir # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
unique_subject = no # Set to 'no' to allow creation of
                    # several certificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.

certificate = $dir/certs/ca_cert.pem
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
                           # must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/ca_key.pem
RANDFILE = $dir/.rand # private random number file

The initial crl file can be generated like so:

cat ca_key_passphrase_file.txt | openssl ca -gencrl -out "$CA_DIR/crl.pem" -config /path/to/test.openssl.cnf -passin stdin

Use 'openssl req' to generate the cert request private key.

Use 'openssl spkac' to generate the spkac cert request data.

-- 
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1828215

Title:
  openssl ca -spkac output regressed

Status in OpenSSL:
  Unknown
Status in openssl package in Ubuntu:
  Confirmed
Status in openssl source package in Bionic:
  Confirmed
Status in openssl source package in Cosmic:
  Confirmed
Status in openssl source package in Disco:
  Confirmed
Status in openssl source package in Eoan:
  Confirmed

Bug description:
  [Impact]

   * openssl command line utility option parsing has regressed in 1.1.0i+ and produces binary output, where text output is expected, breaking applications that parse that.

  [Test Case]

   * OPENSSL_ENABLE_MD5_VERIFY=1 openssl ca -config test.openssl.cnf -passin stdin -batch -spkac input_file -startdate 190121130654Z

  Currently produces binary goop. Should produce PEM format Base64 encoded certificate data in a block surrounded with BEGIN/END certificate.

  [Regression Potential]

   * This is a regression in cosmic and up, and impending regression in bionic with the upcoming 1.1.1 SRU. A bugfix exists upstream.

  [Other Info]

   * Originally reported https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386/comments/39

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/1828215/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
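
Added example (not part of the original message, and not OpenSSL's own tooling): a shell check that the CA directory built by the recipe above matches the paths in the "[ CA_default ]" section before 'openssl ca' is run. The function names check_ca_dir and ca_default_paths are hypothetical; it assumes "dir" is set before the keys that use $dir, and it skips "crl" because that file is only created by the -gencrl step.

```shell
#!/bin/sh
# Added example: check a CA directory against [ CA_default ] in an openssl.cnf.

# Print "key path" for the file and directory keys of [ CA_default ],
# with $dir expanded. Assumes "dir" is set before the keys that use it.
ca_default_paths() {
    awk '
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[[ \t]*CA_default[ \t]*\]/); next }
        !insec      { next }
                    { sub(/#.*/, "") }          # drop trailing comments
        /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "dir") { dir = val; next }
            gsub(/\$dir/, dir, val)
            if (key ~ /^(database|new_certs_dir|certificate|serial|crlnumber|private_key)$/)
                print key, val
        }' "$1"
}

# Report every path that is missing or, for the CA key, too widely readable.
# Returns the number of problems found (0 means the layout matches).
check_ca_dir() {
    problems=0
    paths=$(ca_default_paths "$1")
    while read -r key path; do
        [ -n "$key" ] || continue
        if [ "$key" = new_certs_dir ]; then
            [ -d "$path" ] && continue
            echo "missing directory: $key = $path"
        elif [ ! -f "$path" ]; then
            echo "missing file: $key = $path"
        elif [ "$key" = private_key ] &&
             [ -n "$(find "$path" \( -perm -040 -o -perm -004 \))" ]; then
            echo "CA key readable by group or others: $path"
        else
            continue
        fi
        problems=$((problems + 1))
    done <<EOF
$paths
EOF
    return "$problems"
}
```

Run it as check_ca_dir /path/to/test.openssl.cnf; a non-zero return value is the number of mismatches between the config and the directory.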