Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


certificate - Management of a CA with OpenSSL

I tried to set up a CA to use for signing test CSRs. I have created an environment with the following folders:

    21/01/2021  15:31    <DIR>          .
    21/01/2021  15:31    <DIR>          ..
    20/01/2021  15:41    <DIR>          certs
    20/01/2021  15:41    <DIR>          crl
    20/01/2021  15:41    <DIR>          newcerts
    20/01/2021  16:18             2.531 openssl.cnf
    20/01/2021  17:02    <DIR>          private
                   1 File          2.531 byte
                   6 Directory  61.883.015.168 byte disponibili

After that, I generated an RSA key and a self-signed certificate.

    OpenSSL> genrsa -aes256 -out private/ca.key.pem 4096
    Generating RSA private key, 4096 bit long modulus
    .........................................................................................++++
    ............++++
    unable to write 'random state'
    e is 65537 (0x10001)
    Enter pass phrase for private/ca.key.pem:
    4124:error:28069065:lib(40):UI_set_result:result too small:.cryptouiui_lib.c:831:You must type in 4 to 1023 characters
    Enter pass phrase for private/ca.key.pem:
    Verifying - Enter pass phrase for private/ca.key.pem:
    OpenSSL>

    OpenSSL> req -config openssl.cnf -key private/ca.key.pem -new -x509 -days 3650
    Enter pass phrase for private/ca.key.pem:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    ...

When I try to sign a CSR I use the command:

    openssl.exe ca -config openssl.cnf -extensions server_cert -notext -in server.csr -out server.cer

and I get the following error:

    Using configuration from openssl.cnf
    Error opening CA private key C:OpenSSL-Win64MyCA/private/ca.key.pem
    6504:error:02001003:system library:fopen:No such process:.cryptoioss_file.c:413:fopen('C:OpenSSL-Win64MyCA/private/ca.key.pem','rb')
    6504:error:20074002:BIO routines:FILE_CTRL:system lib:.cryptoioss_file.c:415:
    unable to load CA private key
    error in ca

Do you need to change anything in the configuration file? Or am I doing something wrong with the procedure?

question from:https://stackoverflow.com/questions/65829937/management-of-a-ca-with-openssl
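
The path in the error above, `C:OpenSSL-Win64MyCA/private/ca.key.pem`, is the form a `dir` value takes when it is written with single backslashes, because OpenSSL's config syntax treats `\` as an escape character. The following is an added example, not part of the original question: a simplified resolver for that rule, run over constructed config text. The poster's `openssl.cnf` is not shown, so the `dir` values and the helper names `unescape` and `resolve` are assumptions.

```python
import re

# Escapes OpenSSL's config(5) syntax maps to control characters;
# any other character after a backslash stands for itself.
ESCAPES = {"n": "\n", "r": "\r", "b": "\b", "t": "\t"}

def unescape(raw):
    """Apply the backslash-escape rule to one raw config value."""
    out, i = [], 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw):
            out.append(ESCAPES.get(raw[i + 1], raw[i + 1]))
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return "".join(out)

def resolve(conf_text, section, key):
    """Return `key` from `section` after escapes and same-section $var expansion
    (simplified: no quoting, line continuation or cross-section lookups)."""
    sections, current = {}, "default"
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = header.group(1)
            continue
        name, _, raw = line.partition("=")
        scope = sections.setdefault(current, {})
        value = unescape(raw.strip())
        value = re.sub(r"\$\{?(\w+)\}?", lambda m: scope.get(m.group(1), ""), value)
        scope[name.strip()] = value
    return sections[section][key]

# Constructed config text; the directory name is taken from the error message.
SINGLE = r"""
[ CA_default ]
dir         = C:\OpenSSL-Win64\MyCA
private_key = $dir/private/ca.key.pem
"""
DOUBLED = SINGLE.replace("\\", "\\\\")   # C:\\OpenSSL-Win64\\MyCA
FORWARD = SINGLE.replace("\\", "/")      # C:/OpenSSL-Win64/MyCA

if __name__ == "__main__":
    for label, conf in (("single", SINGLE), ("doubled", DOUBLED), ("forward", FORWARD)):
        print(label, "->", resolve(conf, "CA_default", "private_key"))
```

Only the doubled-backslash and forward-slash spellings keep the directory separators in the resolved key path.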
