OpenSSL CA Certificate generation failing without error message
I want to create a CA Certificate out of a CSR. The process is failing with no error message though, so I don't know where to find a solution.
[user@computer myca]$ openssl ca -config openssl.cnf -out user1cert.pem -in user1req.pem
Using configuration from openssl.cnf
[user@computer myca]$
My config file looks like this:
[ca]
default_ca = CA_default
[CA_default]
dir = . # where everything is kept
new_certs_dir = $dir # default place for new certs
serial = $dir/serial # the current serial number
database = $dir/index # database index file
certificate = $dir/cacert.pem # The CA certificate
private_key = $dir/caprivkey.pem # The private key
RANDFILE = $dir/.rand # private random number file
default_days = 730 # how long to certify for
default_md = sha256 # which message digest to use
policy = policy_any # which policy is used
[policy_any]
countryName = supplied # country name is mandatory
stateOrProvinceName = optional # state is optional
organizationName = optional # organization name is optional
organizationalUnitName = optional # unit name is optional
commonName = optional # user name is mandatory
emailAddress = optional # email address is optional
The files that are referenced in the config file (cacert.pem, caprivkey.pem, index and serial) all exist the in the current directory. And if I change the name of any of them, I get an error saying the file doesn't exist, so I know error messages are displaying. I also get an error when trying to use a wrong private key, which I did just to test getting an error message.
Am I missing something?
ssl certificate openssl x509
asked Jan 18 at 21:03
AnthonyAnthony
62
add a comment |
I want to create a CA Certificate out of a CSR. The process is failing with no error message though, so I don't know where to find a solution.
[user@computer myca]$ openssl ca -config openssl.cnf -out user1cert.pem -in user1req.pem
Using configuration from openssl.cnf
[user@computer myca]$
My config file looks like this:
[ca]
default_ca = CA_default
[CA_default]
dir = . # where everything is kept
new_certs_dir = $dir # default place for new certs
serial = $dir/serial # the current serial number
database = $dir/index # database index file
certificate = $dir/cacert.pem # The CA certificate
private_key = $dir/caprivkey.pem # The private key
RANDFILE = $dir/.rand # private random number file
default_days = 730 # how long to certify for
default_md = sha256 # which message digest to use
policy = policy_any # which policy is used
[policy_any]
countryName = supplied # country name is mandatory
stateOrProvinceName = optional # state is optional
organizationName = optional # organization name is optional
organizationalUnitName = optional # unit name is optional
commonName = optional # user name is mandatory
emailAddress = optional # email address is optional
The files that are referenced in the config file (cacert.pem, caprivkey.pem, index and serial) all exist the in the current directory. And if I change the name of any of them, I get an error saying the file doesn't exist, so I know error messages are displaying. I also get an error when trying to use a wrong private key, which I did just to test getting an error message.
Am I missing something?
ssl certificate openssl x509
asked Jan 18 at 21:03
AnthonyAnthony
62
"I also get an error" - What error? Please edit your question instead of submitting a comment.
– Ramhound
Jan 19 at 1:47
add a comment |
I want to create a CA Certificate out of a CSR. The process is failing with no error message though, so I don't know where to find a solution.
[user@computer myca]$ openssl ca -config openssl.cnf -out user1cert.pem -in user1req.pem
Using configuration from openssl.cnf
[user@computer myca]$
My config file looks like this:
[ca]
default_ca = CA_default
[CA_default]
dir = . # where everything is kept
new_certs_dir = $dir # default place for new certs
serial = $dir/serial # the current serial number
database = $dir/index # database index file
certificate = $dir/cacert.pem # The CA certificate
private_key = $dir/caprivkey.pem # The private key
RANDFILE = $dir/.rand # private random number file
default_days = 730 # how long to certify for
default_md = sha256 # which message digest to use
policy = policy_any # which policy is used
[policy_any]
countryName = supplied # country name is mandatory
stateOrProvinceName = optional # state is optional
organizationName = optional # organization name is optional
organizationalUnitName = optional # unit name is optional
commonName = optional # user name is mandatory
emailAddress = optional # email address is optional
The files that are referenced in the config file (cacert.pem, caprivkey.pem, index and serial) all exist the in the current directory. And if I change the name of any of them, I get an error saying the file doesn't exist, so I know error messages are displaying. I also get an error when trying to use a wrong private key, which I did just to test getting an error message.
Am I missing something?
ssl certificate openssl x509
asked Jan 18 at 21:03
AnthonyAnthony
62
I want to create a CA Certificate out of a CSR. The process is failing with no error message though, so I don't know where to find a solution.
[user@computer myca]$ openssl ca -config openssl.cnf -out user1cert.pem -in user1req.pem
Using configuration from openssl.cnf
[user@computer myca]$
My config file looks like this:
[ca]
default_ca = CA_default
[CA_default]
dir = . # where everything is kept
new_certs_dir = $dir # default place for new certs
serial = $dir/serial # the current serial number
database = $dir/index # database index file
certificate = $dir/cacert.pem # The CA certificate
private_key = $dir/caprivkey.pem # The private key
RANDFILE = $dir/.rand # private random number file
default_days = 730 # how long to certify for
default_md = sha256 # which message digest to use
policy = policy_any # which policy is used
[policy_any]
countryName = supplied # country name is mandatory
stateOrProvinceName = optional # state is optional
organizationName = optional # organization name is optional
organizationalUnitName = optional # unit name is optional
commonName = optional # user name is mandatory
emailAddress = optional # email address is optional
The files that are referenced in the config file (cacert.pem, caprivkey.pem, index and serial) all exist the in the current directory. And if I change the name of any of them, I get an error saying the file doesn't exist, so I know error messages are displaying. I also get an error when trying to use a wrong private key, which I did just to test getting an error message.
Am I missing something?
ssl certificate openssl x509
ssl certificate openssl x509
asked Jan 18 at 21:03
AnthonyAnthony
62
asked Jan 18 at 21:03
AnthonyAnthony
62
edited Jan 18 at 21:24
Anthony
asked Jan 18 at 21:03
AnthonyAnthony
62
asked Jan 18 at 21:03
AnthonyAnthony
62
asked Jan 18 at 21:03
AnthonyAnthony
62
62
"I also get an error" - What error? Please edit your question instead of submitting a comment.
– Ramhound
Jan 19 at 1:47
add a comment |
"I also get an error" - What error? Please edit your question instead of submitting a comment.
– Ramhound
Jan 19 at 1:47
"I also get an error" - What error? Please edit your question instead of submitting a comment.
– Ramhound
Jan 19 at 1:47
"I also get an error" - What error? Please edit your question instead of submitting a comment.
– Ramhound
Jan 19 at 1:47
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1395921%2fopenssl-ca-certificate-generation-failing-without-error-message%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1395921%2fopenssl-ca-certificate-generation-failing-without-error-message%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
"I also get an error" - What error? Please edit your question instead of submitting a comment.
– Ramhound
Jan 19 at 1:47