Ssl help

John T. Guthrie guthrie at counterexample.org
Mon Mar 12 21:58:37 CET 2007


On Mon, 2007-03-12 at 13:52 -0400, Hillary Marek wrote:
>  I am trying to set up a Fedora Core 6 computer as a FreeRadius Server.
> It is currently running, and authenticating via mac address. I also want
> to set the same computer up as a CA using openssl. When I run the CA
> script, I get the following output:
> 
> 
> CA certificate filename (or enter to create)
> 
> Making CA certificate ...
> Generating a 1024 bit RSA private key
> ..........................................++++++
> ..++++++
> writing new private key to './CAtop/private/./cakey.pem'
> Enter PEM pass phrase:
> Verifying - Enter PEM pass phrase:
> -----
> You are about to be asked to enter information that will be incorporated
> into your certificate request.
> What you are about to enter is what is called a Distinguished Name or a
> DN.
> There are quite a few fields but you can leave some blank
> For some fields there will be a default value,
> If you enter '.', the field will be left blank.
> -----
> Country Name (2 letter code) [US]:
> State or Province Name (full name) [******]:
> ***** []:
> Organization Name (eg, company) [******]:
> Organizational Unit Name (eg, section) [MIS]:
> Hillary Marek []:
> hmarek at hazen.com []:
> 
> Please enter the following 'extra' attributes
> to be sent with your certificate request
> A challenge password []:
> An optional company name []:
> Using configuration from /etc/pki/tls/openssl.cnf
> Enter pass phrase for ./CAtop/private/./cakey.pem:
> I am unable to access the ../../CA/newcerts directory
> ../../CA/newcerts: No such file or directory
> 
> It seems to run fine until that last error. Any ideas?
> All answers are appreciated.

By the CA script, I assume you are talking about the
script /etc/pki/tls/misc/CA, correct?  Whether you are using that or the
CA.pl script, both scripts make the assumption that the CA directory is
called ../../CA.  (Of course, that assumption only has a chance of being
true if you run the scripts from within the /etc/pki/tls/misc
directory.)  If you changed the dir variable in the openssl.cnf file,
then these things would be out of sync, which can cause problems.  It
looks like you might have changed the dir variable to ./CAtop, is that
correct?  If so, then I think you need to change the CATOP variable in
the CA script to be the same thing.

-- 
John Guthrie
guthrie at counterexample.org
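
An added example, not part of the original message or of the OpenSSL scripts: a small shell check that reads `dir` from the `[ CA_default ]` section of openssl.cnf and `CATOP` from the CA script and reports whether they name the same directory. The function names and the sample files are constructed for illustration (the sample uses the two paths seen in the output above), and it assumes `CATOP` is set by a plain shell assignment.

```shell
#!/bin/sh
# Added example: compare openssl.cnf's CA_default "dir" with the CA script's CATOP.

# Print the value of "dir" from the [ CA_default ] section of an openssl.cnf.
cnf_ca_dir() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[[ \t]*CA_default[ \t]*\]/); next }
        in_sec && /^[ \t]*dir[ \t]*=/ {
            sub(/^[ \t]*dir[ \t]*=[ \t]*/, ""); sub(/[ \t]*#.*$/, "")
            sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# Print the first CATOP=... assignment in the CA script (assumes a plain
# shell assignment such as CATOP=./demoCA, optionally quoted).
script_catop() {
    sed -n 's/^[[:space:]]*CATOP=\([^[:space:];]*\).*/\1/p' "$1" | head -n 1 | tr -d "\"'"
}

# Drop a leading "./" and trailing "/" so ./CA/ and CA compare equal.
norm_path() { printf '%s\n' "$1" | sed -e 's|^\./||' -e 's|/*$||'; }

# Return 0 if both files name the same CA directory, 1 on mismatch, 2 if unreadable.
check_ca_sync() {
    cnf_dir=$(cnf_ca_dir "$1"); catop=$(script_catop "$2")
    if [ -z "$cnf_dir" ] || [ -z "$catop" ]; then
        echo "could not find dir or CATOP"; return 2
    fi
    if [ "$(norm_path "$cnf_dir")" = "$(norm_path "$catop")" ]; then
        echo "in sync: $cnf_dir"; return 0
    fi
    echo "MISMATCH: openssl.cnf dir=$cnf_dir but CA script CATOP=$catop"; return 1
}

# Constructed sample files (not the poster's real files).
demo=$(mktemp -d)
printf '[ ca ]\ndefault_ca = CA_default\n[ CA_default ]\ndir\t\t= ../../CA\t\t# Where everything is kept\nnew_certs_dir = $dir/newcerts\n' > "$demo/openssl.cnf"
printf '#!/bin/sh\nCATOP=./CAtop\nCAKEY=./cakey.pem\n' > "$demo/CA"
check_ca_sync "$demo/openssl.cnf" "$demo/CA" || echo "fix one side so both match"
```

Both values are relative paths, so even when they match they resolve against the directory the script is run from.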