OpenWrt Forum Archive

Topic: openvpn wrt54gs v2 making CA Key problem

The content of this topic has been archived on 24 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I am trying to set up a routed OpenVPN server on my router. I also run an Asterisk server (so you will see the ports in my firewall).

I am getting an error when I try to set it up:

# openssl ca -out server.crt -in server.csr
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
1056:error:02001002:lib(2):func(1):reason(2):NA:0:fopen('./demoCA/private/cakey.pem','r')
1056:error:20074002:lib(32):func(116):reason(2):NA:0:
unable to load CA private key

Had/have you already created the CA cert/key?

If yes, make sure the path is correct in /etc/ssl/openssl.cnf:

[ CA_default ]

dir             = ./demoCA              # Where everything is kept

If no, create them with these commands:

cd /etc/ssl
mkdir -p demoCA/private
mkdir -p demoCA/certs
openssl req -new -x509 -keyout demoCA/private/cakey.pem -out demoCA/certs/cacert.pem -days 3650 -config openssl.cnf

Hope this helps,
Charlie

Maybe I am supposed to make the dir directly where it actually is?

[ CA_default ]

dir             = /etc/demoCA              # Where everything is kept

This is what I got from that.. though at least it asked for a password, it did something, though disappointing that it died after that ugh...

Be nice if someone had a nice image of OpenWrt pre-setup for a multi-user setup.. ready to go..

root@domo:/etc# openssl ca -out server.crt -in server.csr
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
1068:error:02001002:lib(2):func(1):reason(2):NA:0:fopen('./demoCA/private/cakey.pem','r')
1068:error:20074002:lib(32):func(116):reason(2):NA:0:
unable to load CA private key
root@domo:/etc# cd ssl
root@domo:/etc/ssl# openssl ca -out server.crt -in server.csr
Using configuration from /etc/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Error opening CA certificate ./demoCA/cacert.pem
1069:error:02001002:lib(2):func(1):reason(2):NA:0:fopen('./demoCA/cacert.pem','r')
1069:error:20074002:lib(32):func(116):reason(2):NA:0:
unable to load certificate
root@domo:/etc/ssl#

ok well that did not work

dir             = /etc/ssl/demoCA               # Where everything is kept

root@domo:/etc/ssl# openssl ca -out server.crt -in server.csr
Using configuration from /etc/ssl/openssl.cnf
Enter pass phrase for /etc/ssl/demoCA/private/cakey.pem:
Error opening CA certificate /etc/ssl/demoCA/cacert.pem
567:error:02001002:lib(2):func(1):reason(2):NA:0:fopen('/etc/ssl/demoCA/cacert.pem','r')
567:error:20074002:lib(32):func(116):reason(2):NA:0:
unable to load certificate
root@domo:/etc/ssl#

It looks to me like an error telling me it can not open it.. why I dunno
anyone understand why?

So is the only way to do this to gen keys and certs on Windows?! Come on, someone out there has had to have done this before.. on the White Russian??!

This is an old thread and you probably have already solved it, but when I tried to create some certs, I had to add a few lines to openssl.conf:

[ ca ]
default_ca                              = CA_default  # The default ca section

[ CA_default ]

dir                                     = /etc/ssl
certs                                   = $dir/certs # Where the issued certs are kept
serial                                  = $dir/serial
private_key                             = $dir/private/my-ca.key # The private key
certificate                             = $dir/certs/my-ca.crt   # The CA certificate
database                                = $dir/index.txt          # database index file
new_certs_dir                           = $dir/newcerts           # default place for new certs
RANDFILE                                = $dir/private/.rand    # private random number file

default_days    = 365                   # how long to certify for
default_crl_days= 30                    # how long before next CRL
default_md      = sha1                  # which md to use.
preserve        = no                    # keep passed DN ordering

policy                                  = policy_match

# For the CA policy
[ policy_match ]
countryName             = match
stateOrProvinceName     = match
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

See if that helps you out.
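
A preflight check for the "Error opening CA ..." failures in this thread, added here as an example (it is not code from any poster or from OpenSSL): it reads the [ CA_default ] section of an openssl.cnf and reports which of the files `openssl ca` will open actually exist. The function names and the demo layout are constructed; the key names are the ones in the config above.

```shell
#!/bin/sh
# Added example: report which files named in an openssl.cnf CA section exist.
# Paths resolve as for `openssl ca`: $dir is substituted, and a relative dir
# (./demoCA) is relative to the directory the command is run from.
check_ca_paths() {
    conf=$1; section=${2:-CA_default}; rc=0
    # key=value pairs from the requested section only, comments stripped
    pairs=$(awk -v sec="$section" '
        /^[ \t]*\[/ { sub(/^[ \t]*\[[ \t]*/, ""); sub(/[ \t]*\].*/, "")
                      insec = ($0 == sec); next }
        insec && /=/ { sub(/#.*/, "")
            k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]+/, "", k)
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            print k "=" v }' "$conf")
    dir=$(printf '%s\n' "$pairs" | sed -n 's/^dir=//p' | tail -n 1)
    for key in private_key certificate database serial new_certs_dir; do
        val=$(printf '%s\n' "$pairs" | sed -n "s/^$key=//p" | tail -n 1)
        if [ -z "$val" ]; then echo "UNSET $key"; rc=1; continue; fi
        case $val in
            '$dir'/*) path=$dir/${val#*/} ;;   # expand the $dir reference
            *)        path=$val ;;
        esac
        if [ -e "$path" ]; then echo "ok $key $path"
        else echo "MISSING $key $path"; rc=1; fi
    done
    return $rc
}

# Constructed layout reproducing the thread: the CA cert was written to
# demoCA/certs/cacert.pem while the config looks for $dir/cacert.pem.
demo() (
    tmp=$(mktemp -d) && cd "$tmp" || exit 2
    mkdir -p demoCA/private demoCA/certs
    : > demoCA/private/cakey.pem; : > demoCA/certs/cacert.pem
    cat > openssl.cnf <<'EOF'
[ CA_default ]
dir             = ./demoCA              # Where everything is kept
certificate     = $dir/cacert.pem
private_key     = $dir/private/cakey.pem
database        = $dir/index.txt
serial          = $dir/serial
new_certs_dir   = $dir/newcerts
EOF
    check_ca_paths openssl.cnf && rc=0 || rc=$?
    cd / && rm -rf "$tmp"
    exit $rc
)

if [ $# -gt 0 ]; then check_ca_paths "$@"; fi
```

Run it as `sh script.sh /etc/ssl/openssl.cnf` from the same directory you run `openssl ca` in; every MISSING line is a file to create or a path to correct before signing.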

The discussion might have continued from here.