Question about generating certificates with openssl (asking the moderator for help!)
1. Generate the root certificate (CA):
# ./CA.sh -newca
So the CA server has been set up. The root certificate's private key is: /usr/local/openssl/ssl/misc/demoCA/private//usr/local/openssl/ssl/misc/demoCA/private/cakey.pem,
The root certificate is: /usr/local/openssl/ssl/misc/demoCA/careq.pem
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
2. Sign the server certificate:
@ Generate the server private key:
# openssl genrsa -des3 -out server.key 1024
So the generated server private key is: /usr/local/openssl/ssl/misc/server.key
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# openssl req -new -key server.key -out server.csr
The generated server certificate is: /usr/local/openssl/ssl/misc/server.csr
Finally, mv the server.crt file to newreq.pem, and then use CA.sh to sign it.
# ls
CA.pl CA.sh c_hash c_info c_issuer c_name demoCA server.csr server.key
# mv server.csr newreq.pem
# ls
CA.pl CA.sh c_hash c_info c_issuer c_name demoCA newreq.pem server.key
# mv server.csr newreq.pem
# ./CA.sh -sign
Using configuration from /usr/share/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
unable to load CA private key
30442:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:438:
30442:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:421:
cat: newcert.pem: No such file or directory
Signed certificate is in newcert.pem
Experts, please take a look at what is causing the situation shown in the blue part. Thanks!
[ Last edited by shineboy816 on 2009-2-20 09:40 ]
《Solution》
./demoCA/private/cakey.pem:
unable to load CA private key
This part is wrong. Check the directory :)
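
An added example, not part of the original thread: a pre-flight check to run before `./CA.sh -sign` that tells apart the possible causes of "unable to load CA private key" (file not at that path, file is not a key, passphrase does not decrypt it). The function name `check_ca_key` and the passphrase-file argument are assumptions made for this sketch, and it assumes an RSA CA key.

```shell
#!/bin/sh
# Added example (not from the thread). check_ca_key and the passphrase-file
# argument are hypothetical; an RSA CA key is assumed.
#
# Usage: check_ca_key ./demoCA/private/cakey.pem /path/to/passphrase-file
# Return codes:
#   0  key loads with the given passphrase
#   2  key file missing or unreadable at that path (wrong directory)
#   3  file exists but holds no PEM private key
#   4  file is a private key, but the passphrase does not decrypt it
check_ca_key() {
    key=$1
    passfile=$2

    # CA.sh opens ./demoCA/private/cakey.pem relative to the current
    # directory, so report the absolute path that is really being tested.
    case "$key" in
        /*) abs=$key ;;
        *)  abs="$(pwd)/$key" ;;
    esac

    if [ ! -r "$key" ]; then
        echo "not found or unreadable: $abs" >&2
        return 2
    fi

    # Matches both "RSA PRIVATE KEY" and "ENCRYPTED PRIVATE KEY" headers.
    if ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key"; then
        echo "no PEM private key in: $abs" >&2
        return 3
    fi

    # -noout only loads the key; -passin file: avoids the interactive
    # prompt and keeps the passphrase off the command line.
    if openssl rsa -in "$key" -passin "file:$passfile" -noout 2>/dev/null; then
        echo "key loads: $abs" >&2
        return 0
    fi

    echo "passphrase does not decrypt: $abs" >&2
    return 4
}
```

Return code 4 corresponds to the `bad decrypt` lines in the output above; return code 2 corresponds to running `CA.sh` from a directory that does not contain the `demoCA` tree that `-newca` created.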