Discussion:
OpenSSL Certificate Authority Setup
GVG GVG
2008-06-19 08:49:11 UTC
Dear Group,

I was trying to create my own CA for signing certificates for sendmail and
when I did apply the following command:

---------------------------
openssl ca -policy policy_anything -out cert.pem -infiles csr.pem
---------------------------

I got:

----------------------------
Using configuration from /etc/ssl/openssl.cnf
variable lookup failed for ca::default_ca
28423:error:0E06D06C:configuration file routines:NCONF_get_string:no value:/usr/src/lib/libssl/src/crypto/conf/conf_lib.c:329:group=ca name=default_ca
----------------------------

I understand that openssl.cnf doesn't have any 'ca' reference and it fails,
but why is that? What's the reason for not having this entry in the default
OpenBSD openssl configuration? Am I missing something?

Also, "http://openbsd.org/faq/faq10.html#HTTPS" explains how to sign the
certificate by yourself. Is that the same action?

Thanks for your support

George
Harald Dunkel
2008-06-19 10:02:49 UTC
I know the man page for openssl is huge, but the man page for
isakmpd has a nice description of how to set up a local
CA. Maybe this helps as a starting point?


Good luck

Harri
Dorian Büttner
2008-06-19 16:25:50 UTC
security/tinyca is a nice graphical tool for that, btw.
GVG GVG
2008-06-24 14:24:30 UTC
Thanks all of you for your replies!
Finally I had to include the [ ca ] directive in the openssl.cnf file in
order to make it work!

George
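
The fix described in the last message, as an added example that is not part of any post in the thread: a config that defines [ ca ] with default_ca, plus the files `openssl ca` expects to find. The directory layout, the file names (ca.cnf, cacert.pem, cakey.pem), the CA subject name, and the default_md and default_days values are assumptions.

```shell
#!/bin/sh
# Added example; paths, file names and the CA subject name are assumptions.

init_ca_dir() {                       # directory layout + config with [ ca ]
    ca_dir=$1
    mkdir -p "$ca_dir/newcerts" "$ca_dir/private"
    chmod 700 "$ca_dir/private"       # CA key directory: owner only
    : > "$ca_dir/index.txt"           # empty database of issued certificates
    echo 01 > "$ca_dir/serial"        # next serial number (hex)
    cat > "$ca_dir/ca.cnf" <<EOF
[ ca ]
default_ca    = CA_default            # the failed lookup was ca::default_ca

[ CA_default ]
dir           = $ca_dir
database      = \$dir/index.txt
new_certs_dir = \$dir/newcerts
serial        = \$dir/serial
certificate   = \$dir/cacert.pem
private_key   = \$dir/private/cakey.pem
default_md    = sha256
default_days  = 365
policy        = policy_anything

[ policy_anything ]
countryName            = optional
stateOrProvinceName    = optional
localityName           = optional
organizationName       = optional
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional
EOF
}

make_ca_cert() {                      # self-signed CA cert; prompts for a passphrase
    openssl req -new -x509 -newkey rsa:2048 -days 3650 -subj "/CN=Example Local CA" \
        -keyout "$1/private/cakey.pem" -out "$1/cacert.pem"
}

sign_csr() {                          # same command as in the thread, plus -config
    openssl ca -config "$1/ca.cnf" -policy policy_anything -out "$3" -infiles "$2"
}

# Usage: sh ca-setup.sh <ca_dir> <csr.pem> <cert.pem>
if [ "$#" -eq 3 ]; then
    [ -f "$1/ca.cnf" ] || { init_ca_dir "$1" && make_ca_cert "$1"; }
    sign_csr "$1" "$2" "$3"
fi
```

policy_anything only requires a commonName, so the CA signs any CSR it is handed; the index.txt database and the newcerts directory are the record of what was issued.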
