Issue on Windows Server 2003 Resigning Expired CA certificate

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I have a client that has a CA certificate that has expired.  

They are running Windows Server 2003 and OpenSSL 0.9.8d and FreeRadius for authentiaction.  Their certificate expired yesterday afternoon and I've been trying to get it resigned but I'm getting the following eerrors:

E:\OpenSSL\bin\PEM\demoCA\private>e:\openssl\bin\openssl verify e:\openssl\bin\c
acert.pem
Error opening certificate file e:\openssl\bin\cacert.pem
3964:error:02001002:system library:fopen:No such file or directory:.\crypto\bio\
bss_file.c:352:fopen('e:\openssl\bin\cacert.pem','rb')
3964:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:35
4:
unable to load certificate


E:\OpenSSL\bin>openssl ca -revoke "E:\openssl\bin\PEM\cacert.pem"
Using configuration from E:\OpenSSL\bin\openssl.cnf
Loading 'screen' into random state - done
Error opening CA private key ./demoCA/private/cakey.pem
352:error:02001003:system library:fopen:No such process:.\crypto\bio\bss_file.c:
352:fopen('./demoCA/private/cakey.pem','rb')
352:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:354
:
unable to load CA private key

E:\OpenSSL\bin>openssl req -new -x509 -key "E:\OpenSSL\bin\PEM\demoCA\private\ca
key.pem" -set_serial 0000 -out "E:\OpenSSL\bin\PEM\demoCA\private\cakey.cer"
Enter pass phrase for E:\OpenSSL\bin\PEM\demoCA\private\cakey.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.


E:\OpenSSL\bin>openssl x509 -req -days 3650 -in "E:\OpenSSL\bin\PEM\demoCA\priva
te\cakey.cer" -signkey "E:\OpenSSL\bin\PEM\demoCA\private\cakey.pem" -out "e:\Op
enSSL\bin\PEM\democa\private\cakey.pem"
Loading 'screen' into random state - done
2824:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib
.c:644:Expecting: CERTIFICATE REQUEST

I also tried this command and it failed as well: 

openssl req -new -x509 -key previousprivatekey.pem -set_serial 0000 -out newroot.cer

Any suggestions?  Help would be appreciated.  

Thanks,
Brandon Shiers


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux