CA.all problem
Mack Ragan
ragan_davis at colstate.edu
Fri Sep 7 00:16:21 CEST 2007
Thanks Alan. I have actually figured out some openssl commands that
seem to have worked ok for me. I'll post them a little later for what
it's worth to anyone.
Alan DeKok wrote:
> Mack Ragan wrote:
>
>> Using the provided script "CA.all", trying to create self-signed certs
>> on a new freeradius box and running into a missing serial file problem.
>> Executing the commands in the script line-by-line shows that the command
>> "openssl ca -policy policy_anything -out newcert.pem -passin
>> pass:whatever -key whatever -extensions xpserver_ext -extfile
>> xpextensions -infiles newreq.pem" is what is looking for the file
>> "./demoCA/serial" which does not exist. I think it is normally created
>> during "CA.pl -newca" but this doesn't appear to happen with the
>> script's command of "echo "newreq.pem" | /usr/local/ssl/misc/CA.pl
>> -newca". I'm using OpenSSL version 0.9.8e. Anyone have this experience?
>>
>
> OpenSSL has changed the way their scripts run a number of times. I've
> pretty mich given up trying to keep up.
>
> Instead, use the certificate generation tools in 2.0.0-pre2. They're
> simple and easy to use.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list