Mack Ragan wrote:
Using the provided script "CA.all", trying to create self-signed certs
on a new freeradius box and running into a missing serial file problem.
Executing the commands in the script line-by-line shows that the command
"openssl ca -policy policy_anything -out newcert.pem -passin
pass:whatever -key whatever -extensions xpserver_ext -extfile
xpextensions -infiles newreq.pem" is what is looking for the file
"./demoCA/serial" which does not exist. I think it is normally created
during "CA.pl -newca" but this doesn't appear to happen with the
script's command of "echo "newreq.pem" | /usr/local/ssl/misc/CA.pl
-newca". I'm using OpenSSL version 0.9.8e. Anyone have this experience?
OpenSSL has changed the way their scripts run a number of times. I've
pretty mich given up trying to keep up.
Instead, use the certificate generation tools in 2.0.0-pre2. They're
simple and easy to use.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html