Can't Open Ssl/openssl.cnf for Reading, No Such File or Directory

arkas
n00b

Joined: 08 Dec 2010
Posts: 60

Posted: Wed Feb 16, 2011 9:12 pm   Post subject: [solved] unable to load CA private key

Hello,

I'm setting up a mail server and have a problem with SMTP authentication and SSL support.
I did everything according to the instructions from this manual: http://en.gentoo-wiki.com/wiki/Complete_Virtual_Mail_Server/SMTP_Authentication

I want to generate a self-signed certificate and have the following error:

# /etc/ssl/misc/CA.pl -sign

Code:

Using configuration from /etc/ssl/openssl.cnf
unable to load CA private key
140676492514984:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: ANY PRIVATE KEY
Signed certificate is in newcert.pem

newcert.pem doesn't exist!!

Thanks for the help.

Last edited by arkas on Tue Feb 22, 2011 8:45 am; edited 1 time in total

chiefbag
Guru

Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom

Posted: Wed Feb 16, 2011 9:43 pm

Do you have a file called "serial" in the default ssl directory where you are trying to create the cert?
This should have a value of "01" in it.

Also you should have a file called "openssl.cnf"

You need to create a file called "index.txt" as well

Also you may need to export the SSL directory for example as below:

export SSLDIR=/etc/ssl

arkas
n00b

Joined: 08 Dec 2010
Posts: 60

Posted: Wed Feb 16, 2011 9:52 pm

Sorry, I'm relatively new....

I'm trying to do this in /etc/postfix!!
In this folder is neither a serial file nor an openssl.cnf file!!

Where do I find these files?
Or should I only create them?

Does the index.txt file only have to exist?
Or do I have to write something in it?

And the ssl directory in my case as:
export SSLDIR=/etc/postfix ?

Thanks...

chiefbag
Guru

Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom

Posted: Wed Feb 16, 2011 9:59 pm

Try the following commands as root:

cd /etc/postfix

/etc/ssl/misc/CA.pl -newca
# enter hostname for all fields, e.g. as below; demo should match

openssl req -new -nodes -subj '/CN=demo/O=demo/C=IE/ST=demo/L=demo/emailAddress=demo' -keyout FOO-key.pem -out FOO-req.pem -days 3650

openssl ca -out FOO-cert.pem -infiles FOO-req.pem

cp demoCA/cacert.pem .

chmod 644 /etc/postfix/FOO-cert.pem /etc/postfix/cacert.pem
chmod 400 /etc/postfix/FOO-key.pem

arkas
n00b

Joined: 08 Dec 2010
Posts: 60

Posted: Thu Feb 17, 2011 7:38 pm

I have done the following as root:

# cd /etc/postfix
# /etc/ssl/misc/CA.pl -newca
# openssl req -new -nodes -keyout FOO-key.pem -out FOO-req.pem -days 3650
# openssl ca -out FOO-cert.pem -infiles FOO-req.pem

After the last command was the following error:

Code:

Using configuration from /etc/ssl/openssl.cnf
unable to load CA private key
139805840819880:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: ANY PRIVATE KEY

With which command is the file named cakey.pem created?
I think something goes wrong at this stage!!

Because I have read the config-file /etc/ssl/openssl.cnf and it looks good, but that does not necessarily mean that it is so!!

/etc/ssl/openssl.cnf:

Code:

...
[ CA_default ]

dir                         = ./demoCA              # Where everything is kept
certs                      = $dir/certs            # Where the issued certs are kept
crl_dir                    = $dir/crl              # Where the issued crl are kept
database                = $dir/index.txt        # database index file.
#unique_subject      = no                    # Set to 'no' to let creation of
# several ctificates with same subject.
new_certs_dir         = $dir/newcerts         # default place for new certs.

certificate            = $dir/cacert.pem       # The CA certificate
serial                     = $dir/serial           # The current serial number
crlnumber              = $dir/crlnumber        # the current crl number
# must be commented out to leave a V1 CRL
crl                          = $dir/crl.pem          # The current CRL
#private_key          = ./cakey.pem          # The private key
private_key            = $dir/private/cakey.pem
RANDFILE               = $dir/private/.rand    # private random number file

x509_extensions      = usr_cert              # The extentions to add to the cert

# Comment out the following 2 lines for the "traditional"
# (and highly broken) format.
name_opt        = ca_default            # Subject Name options
...

And the file exists in said path!!
:cry:

chiefbag
Guru

Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom

Posted: Fri Feb 18, 2011 9:27 am

Quote:
With which command is the file named cakey.pem created?
I think something goes wrong at this stage!!

cakey.pem is created with the first command; this is the output you should receive, as below.
I know I suggested setting your SSLDIR in a previous post, however this is not needed; try removing this if you have set it.

gen-vm postfix # ls -altr demoCA/private/cakey.pem
ls: cannot access demoCA/private/cakey.pem: No such file or directory
gen-vm postfix # /etc/ssl/misc/CA.pl -newca
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
.............++++++
........................................++++++
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IE
State or Province Name (full name) [Some-State]:demo
Locality Name (eg, city) []:demo
Organization Name (eg, company) [Internet Widgits Pty Ltd]:demo
Organizational Unit Name (eg, section) []:demo
Common Name (eg, YOUR name) []:demo
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
fb:d2:0b:f7:28:54:37:40
Validity
Not Before: Feb 18 09:21:48 2011 GMT
Not After : Feb 17 09:21:48 2014 GMT
Subject:
countryName = IE
stateOrProvinceName = demo
organizationName = demo
organizationalUnitName = demo
commonName = demo
X509v3 extensions:
X509v3 Subject Key Identifier:
80:7C:B5:6A:13:2A:55:CE:36:51:C8:FA:E7:D4:12:EE:68:47:CF:47
X509v3 Authority Key Identifier:
keyid:80:7C:B5:6A:13:2A:55:CE:36:51:C8:FA:E7:D4:12:EE:68:47:CF:47

X509v3 Basic Constraints:
CA:TRUE
Certificate is to be certified until Feb 17 09:21:48 2014 GMT (1095 days)

Write out database with 1 new entries
Data Base Updated
gen-vm postfix # ls -altr demoCA/private/cakey.pem
-rw-r--r-- 1 root root 1041 Feb 18 09:21 demoCA/private/cakey.pem

arkas
n00b

Joined: 08 Dec 2010
Posts: 60

Posted: Fri Feb 18, 2011 4:11 pm

hm,
I haven't set the ssl dir!!

Furthermore I have no output after the command!!

(17:10:56) gero postfix # /etc/ssl/misc/CA.pl -newca
(17:11:03) gero postfix #

:-)
What should I do?

chiefbag
Guru

Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom

Posted: Fri Feb 18, 2011 4:39 pm

This is curious!

what is the output of:
locate CA.pl

Did you accidentally delete this file or files?

Try re-emerging openssl

emerge -va openssl

arkas
n00b

Joined: 08 Dec 2010
Posts: 60

Posted: Fri Feb 18, 2011 6:32 pm

(19:30:56) gero ~ # locate CA.pl
/etc/ssl/misc/CA.pl
/usr/share/man/man1/openssl-CA.pl.1ssl.bz2
/usr/share/man/man1/ssl-CA.pl.1ssl.bz2

reemerging openssl as follows:

Code:

These are the packages that would be merged, in reverse order:

Calculating dependencies... done!
[ebuild   R   ] dev-libs/openssl-1.0.0d  USE="gmp (sse2) zlib -bindist -kerberos -rfc3779 -test" 0 kB

Total: 1 package (1 reinstall), Size of downloads: 0 kB

Then I have deleted the file ./demoCA/private/cakey.pem

(20:14:56) gero private # cd /etc/postfix/
(20:16:08) gero postfix # /etc/ssl/misc/CA.pl -newca

Code:

CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
....++++++
...................++++++
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase:
140698967770792:error:28069065:lib(40):UI_set_result:result too small:ui_lib.c:869:You must type in 4 to 1024 characters
140698967770792:error:0906406D:PEM routines:PEM_def_callback:problems getting password:pem_lib.c:111:
140698967770792:error:0907E06F:PEM routines:DO_PK8PKEY:read key:pem_pk8.c:130:
Using configuration from /etc/ssl/openssl.cnf
unable to load CA private key
140393571014312:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: ANY PRIVATE KEY

Last edited by arkas on Fri Feb 18, 2011 8:17 pm; edited 1 time in total

chiefbag
Guru

Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom


arkas
n00b

Joined: 08 Dec 2010
Posts: 60


chiefbag
Guru

Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom


arkas
n00b

Joined: 08 Dec 2010
Posts: 60

Posted: Fri Feb 18, 2011 8:11 pm

ok...

Do I have to remember this pass phrase?

chiefbag
Guru

Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom


arkas
n00b

Joined: 08 Dec 2010
Posts: 60

Posted: Fri Feb 18, 2011 8:33 pm

I'm sorry, I did not know much when it comes to this subject.
I only want to learn some things!!

In any case, thanks a lot!
Unless it works!!

chiefbag
Guru

Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom

Posted: Fri Feb 18, 2011 9:23 pm

@arkas

No problem.

"The day that one thinks they know it all is the day after one should have died".

A tip for the future is to post all of the error message from the start of the post, this saves time for everyone.

Please mark this thread solved.

If you need a full postfix How To let me know.

Aileencita
n00b

Joined: 18 Mar 2015
Posts: 1

Posted: Wed Mar 18, 2015 6:05 pm   Post subject: Problem generating Certificate because passphrase was in bl

I had a problem with my certificate because I left passphrase in blank, so then I could not generate another certificate or open the current one :(

I tried deleting the cakey.pem from your $dir/CA/private

First of all check your openssl.cnf, in CentOS it is in /etc/pki/tls/openssl.cnf. Check the value dir=xxxxxxx
Enter in that path (example: /etc/pki/tls/openssl.cnf) and check $dir

Enter in $dir (example: /etc/pki/CA) and find /private
Delete the key file cakey.pem

Now, everything should go back to normal.

Try to generate your Certificate again (example: $/etc/pki/tls/misc/CA -newca) and that's it!!!

Good luck and I hope this post will be helpful! :D
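
The check behind the fix discussed in this thread, as an added example that is not part of any post: a shell helper that reports whether a CA key file is missing, empty, lacks a PEM private-key header (the "no start line" case), or is readable by group or others. The function name check_ca_key and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify a CA private key file
# before deleting and regenerating it. check_ca_key is a hypothetical helper.
check_ca_key() {
    key=$1
    if [ ! -e "$key" ]; then
        echo missing; return 0
    fi
    if [ ! -s "$key" ]; then
        # Zero-byte file, e.g. left behind by an aborted pass phrase prompt.
        echo empty; return 0
    fi
    # "no start line" = OpenSSL found no PEM private-key header in the file.
    if ! grep -Eq '^-----BEGIN ([A-Z]+ )*PRIVATE KEY-----' "$key"; then
        echo no-pem-header; return 0
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo too-open; return 0
    fi
    echo ok
}

# Constructed sample files (placeholder contents, not real key material).
demo=$(mktemp -d)
: > "$demo/empty.pem"
printf 'not a key\n' > "$demo/junk.pem"
printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'PLACEHOLDER' \
    '-----END ENCRYPTED PRIVATE KEY-----' > "$demo/cakey.pem"
chmod 644 "$demo/cakey.pem"
for f in absent.pem empty.pem junk.pem cakey.pem; do
    printf '%-12s %s\n' "$f" "$(check_ca_key "$demo/$f")"
done
chmod 600 "$demo/cakey.pem"
printf '%-12s %s\n' "cakey.pem" "$(check_ca_key "$demo/cakey.pem")"
rm -rf "$demo"
```

Only the empty and no-pem-header results call for deleting the file and rerunning -newca; too-open calls for a chmod, not a new key.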


Source: https://forums.gentoo.org/viewtopic-p-7718762.html
