
Be your own CA - question

beweb
Posts: 27
Joined: 22 May 2011, 15:33

Be your own CA - question

Post by beweb »

Hi all,

I'm trying to become my own CA. wiki.excito.org/wiki/index.php/Be_your_own_CA
Followed the tutorial, but I'm stuck at line 5.

It says 'chmod 600 index.txt serial openssl.cnf'
But where do I get the index.txt and serial from?

When I enter this line it replies:

chmod: cannot access `index.txt': No such file or directory
chmod: cannot access `serial': No such file or directory

Any suggestions?
beweb
Posts: 27
Joined: 22 May 2011, 15:33

Re: Be your own CA - question

Post by beweb »

Little addition:

First I ignored the files and then got this:

openssl ca -config openssl.cnf -policy policy_anything -out certs/server.crt -infiles server.csr
Using configuration from openssl.cnf
Enter pass phrase for ./private/myca.key:
./index.txt: No such file or directory
unable to open './index.txt'
6601:error:02001002:system library:fopen:No such file or directory:bss_file.c:356:fopen('./index.txt','r')
6601:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:358:
root@b3:/home/bas/CA# openssl ca -config openssl.cnf -policy policy_anything -out certs/server.crt -infiles server.key
Using configuration from openssl.cnf
Enter pass phrase for ./private/myca.key:
./index.txt: No such file or directory
unable to open './index.txt'
6605:error:02001002:system library:fopen:No such file or directory:bss_file.c:356:fopen('./index.txt','r')
6605:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:358:

Then made empty files but that also didn't work:

openssl ca -config openssl.cnf -policy policy_anything -out certs/server.crt -infiles server.csr
Using configuration from openssl.cnf
Enter pass phrase for ./private/myca.key:
unable to load number from ./serial
error while loading serial number
6646:error:0D066096:asn1 encoding routines:a2i_ASN1_INTEGER:short line:f_int.c:215:
Ubi
Posts: 1549
Joined: 17 Jul 2007, 09:01

Re: Be your own CA - question

Post by Ubi »

You are correct that this is incorrect in the wiki.
In the openssl.cnf there are usually two lines that say

Code:

serial   = $dir/serial
database = $dir/index.txt
My suggestion to solve your problem would be to do

Code:

touch index.txt
echo 1000 > serial
chmod 600 index.txt serial openssl.cnf
BTW: googling for "openssl index.txt serial" would have given you this information as well...
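An added example, not from the wiki page or any post in this thread: a small POSIX shell setup that creates the bookkeeping files `openssl ca` reads through the `database` and `serial` keys, and checks that the serial file is in a form OpenSSL will load (the empty file in the second attempt above is exactly what triggers the "short line" error). The directory layout (certs/, newcerts/, private/) and the starting serial 1000 are taken from the thread; the function names and the use of index.txt.attr are assumptions.

```shell
#!/bin/sh
# Validate a serial file the way `openssl ca` will accept it: one line of hex
# digits with an even number of digits. "1000" is fine; an empty file or a
# single digit produces "unable to load number from ./serial".
check_serial() {
    f="$1"
    [ -s "$f" ] || return 1                 # empty file -> "short line"
    s=$(head -n 1 "$f" | tr -d '\r')
    case "$s" in
        *[!0-9A-Fa-f]*|"") return 1 ;;      # non-hex characters or blank line
    esac
    [ $(( ${#s} % 2 )) -eq 0 ] || return 1  # odd digit count is rejected too
    return 0
}

# Create the CA database files and directories under the given CA root.
# index.txt must exist but be empty; serial holds the next serial in hex.
init_ca_db() {
    dir="$1"
    first_serial="${2:-1000}"
    mkdir -p "$dir/certs" "$dir/newcerts" "$dir/private"
    chmod 700 "$dir/private"                # the CA key lives here
    touch "$dir/index.txt"
    # index.txt.attr is created by openssl ca on first use; writing it up
    # front just avoids the "unique_subject" warning (assumed default value).
    echo "unique_subject = yes" > "$dir/index.txt.attr"
    printf '%s\n' "$first_serial" > "$dir/serial"
    if ! check_serial "$dir/serial"; then
        echo "init_ca_db: serial '$first_serial' is not even-length hex" >&2
        return 1
    fi
    chmod 600 "$dir/index.txt" "$dir/serial"
    return 0
}
```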
beweb
Posts: 27
Joined: 22 May 2011, 15:33

Re: Be your own CA - question

Post by beweb »

echo 1000 > serial looks like the answer .....
Tanx
Gordon
Posts: 1462
Joined: 10 Aug 2011, 03:18

Re: Be your own CA - question

Post by Gordon »

Just use the script from THIS post, it handles all requirements for being your own CA
Ubi
Posts: 1549
Joined: 17 Jul 2007, 09:01

Re: Be your own CA - question

Post by Ubi »

Gordon,
Your solution is running a big shell script from an uncredited source. Maybe it'll open a backdoor to your ssh server, reset your passwords or erase your hard drive.

Look, I appreciate your effort of making this script, but it's largely devoid of comments and instructions. It's generally bad practice for people to run unknown scripts from unknown sources. So please put this script in documented form in the wiki. Until then I will keep advising people to use the howto-method rather than the magic-script method.
Eek
Posts: 372
Joined: 23 Dec 2007, 03:03
Location: the Netherlands

Re: Be your own CA - question

Post by Eek »

Sorry Beweb,
I had indeed forgotten to add these instructions.
Thanks Ubi for also correcting the wiki.
Cheers
Eek
Gordon
Posts: 1462
Joined: 10 Aug 2011, 03:18

Re: Be your own CA - question

Post by Gordon »

Ubi wrote: Gordon,
Your solution is running a big shell script from an uncredited source. Maybe it'll open a backdoor to your ssh server, reset your passwords or erase your hard drive.

Look, I appreciate your effort of making this script, but it's largely devoid of comments and instructions. It's generally bad practice for people to run unknown scripts from unknown sources. So please put this script in documented form in the wiki. Until then I will keep advising people to use the howto-method rather than the magic-script method.
Maybe...

The thing about shell scripts is that you can read them. There's no real magic to it. Besides, about half of the lines in there are response feeds anyway and it's impossible to put comments in between those. And if you're still suspicious about running it, you can at least use it to learn what type of commands you can feed to openssl. Reinvent the wheel if you like, but if it turns out to look the same as the one I showed you I'd appreciate a word of credit. Okay?
beweb
Posts: 27
Joined: 22 May 2011, 15:33

Re: Be your own CA - question

Post by beweb »

Looked at the script but didn't quite understand the whole impact.
The fact that it's still online on this forum gives a clue about how trustworthy it is.

But, given the lack of experience on my side, I chose the tutorial.

But thanks for pointing it out.