CA.all problem
Alan DeKok
aland at deployingradius.com
Thu Sep 6 22:48:27 CEST 2007
Mack Ragan wrote:
> Using the provided script "CA.all", trying to create self-signed certs
> on a new freeradius box and running into a missing serial file problem.
> Executing the commands in the script line-by-line shows that the command
> "openssl ca -policy policy_anything -out newcert.pem -passin
> pass:whatever -key whatever -extensions xpserver_ext -extfile
> xpextensions -infiles newreq.pem" is what is looking for the file
> "./demoCA/serial" which does not exist. I think it is normally created
> during "CA.pl -newca" but this doesn't appear to happen with the
> script's command of "echo "newreq.pem" | /usr/local/ssl/misc/CA.pl
> -newca". I'm using OpenSSL version 0.9.8e. Anyone have this experience?
OpenSSL has changed the way their scripts run a number of times. I've
pretty mich given up trying to keep up.
Instead, use the certificate generation tools in 2.0.0-pre2. They're
simple and easy to use.
Alan DeKok.
More information about the Freeradius-Users
mailing list