3

I created a certificate authority in Ubuntu using this command:

openssl req -config /etc/ssl/openssl.cnf -new -x509 -keyout ck.pem -out cacert.pem -days 365

Then I created a certificate request using:

openssl req -out C.csr -new -newkey rsa:2048 -nodes -keyout c_p.key

I would like to sign this request using the certificate authority I created. For that I executed:

openssl ca -config /etc/ssl/openssl.cnf -policy optional -out C.crt -infiles C.csr

But I get the error:

Using configuration from /etc/ssl/openssl.cnf
unable to load CA private key
140189274035872:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY

How can I get rid of this error? Will this command use the authority I defined above or maybe some default authority in the system?

EDIT:

For completeness I leave the steps that I had to do:

  1. Create the relevant files:
mkdir demoCA
mkdir ./demoCA/newcerts
touch ./demoCA/index.txt

Also create a "serial" file in demoCA that contains 01 and a newline at the end.

  2. Certify:
openssl ca -config /etc/ssl/openssl.cnf -cert cacert.pem -keyfile ck.pem -out C.crt -infiles C.csr

1 Answer

5

You've created a new key pair with the first command. You now need to tell the OpenSSL CA about these.

Either edit /etc/ssl/openssl.cnf and ensure that the private_key and certificate lines point to the new private key and certificate file locations, or use the -cert and -keyfile arguments to the openssl ca command to override the values in /etc/ssl/openssl.cnf.
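The failure and the fix described above, reproduced end to end as an added example that is not part of the original answer. It assumes a throwaway directory, a constructed `ca.cnf` that mirrors the stock `./demoCA` defaults, made-up subject names, and unencrypted keys (`-nodes`) so that it runs without prompts.

```shell
# Added example; every name, subject and path here is constructed for the demo.
ca_sign_demo() (
  work=$(mktemp -d) && cd "$work" || exit 1
  mkdir -p demoCA/newcerts && : > demoCA/index.txt && echo 01 > demoCA/serial
  # Config mirroring the stock defaults: the CA cert and key are looked up
  # under ./demoCA, not where "openssl req -x509" below writes them.
  cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./demoCA
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_md = sha256
default_days = 365
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  # -nodes keeps the demo non-interactive; protect a real CA key with a passphrase.
  openssl req -config ca.cnf -new -x509 -nodes -newkey rsa:2048 -days 365 \
    -subj "/CN=Demo CA" -keyout ck.pem -out cacert.pem 2>/dev/null || exit 1
  openssl req -config ca.cnf -new -nodes -newkey rsa:2048 \
    -subj "/CN=client.example" -keyout c_p.key -out C.csr 2>/dev/null || exit 1
  # 1) No overrides: openssl ca looks for ./demoCA/private/cakey.pem and fails.
  if openssl ca -batch -config ca.cnf -out C.crt -infiles C.csr 2>/dev/null; then
    echo "unexpected: signed without the CA key"; exit 1
  fi
  # 2) Point it at the CA created above, as the answer suggests.
  openssl ca -batch -config ca.cnf -cert cacert.pem -keyfile ck.pem \
    -out C.crt -infiles C.csr 2>/dev/null || exit 1
  # 3) Confirm which authority signed: the chain must verify against cacert.pem.
  openssl verify -CAfile cacert.pem C.crt >/dev/null || exit 1
  openssl x509 -in C.crt -noout -issuer
)
ca_sign_demo
```

The final `openssl verify` and `-issuer` check is how to confirm that the certificate was issued by your own CA rather than by whatever the config file pointed at.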
