[Openswan Users] Problem with openssl ca
sean at obstacle9.com
sean at obstacle9.com
Sat Dec 17 14:31:38 CET 2005
Hey Nick,
While not an answer to your originally query, take a look at CSP, a CA
management tool written in perl. I use it to generate CA and peer certs;
I've found it quite easy to use and maintain for the most part.
http://devel.it.su.se/pub/jsp/polopoly.jsp?d=1026&a=3290
cheers,
sk
On Sat, 17 Dec 2005, Nick Norman wrote:
> On Wednesday 14 Dec 2005 18:18, Paul Wouters wrote:
> > On Wed, 14 Dec 2005, Nick Norman wrote:
> > > All appears to be Ok all installed, run CA.sh -new ca appears to run OK,
> > > but when I issue openssl ca -gencrl -out crl.pem I get an error saying
> > > that there is no cacert.pem, this is correct one has not been written.
> > >
> > > So the question is - what am I missing?
> >
> > Have a look at http://www.natecarlson.com/linux/ipsec-x509.php#casetup
> >
> > check your openccl.cnf for filepaths where it has put your CA certificate.
> > If you use any non-standard path, you need to specify if for each command,
> > using with the -in option.
> >
> > Paul
> Hi Paul (and others)
>
> Done all that (and more, all the .cnf & CA.sh files all agree where to put
> files - unless I've missed one!) and still ... no cacert.pem is written. I
> am root (well su) and chmod 700 has been done on /var/sslca/ as per the url
> above.
>
> Now starting to tear what little hair I have left out
>
> Regards & TIA
>
> Nick
> --
> 'How come you know all that stuff?'
> 'I ain't just a pretty face.'
> 'You aren't even a pretty face, Gaspode.'
> (Moving Pictures)
> 12:14:46 up 11 days, 4:08, 5 users, load average: 0.11, 0.08, 0.06
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
More information about the Users
mailing list