Re: Intermediate cert file failure


On 07/27/2018 12:35 PM, Viktor Dukhovni wrote:

> On Jul 27, 2018, at 11:25 AM, Robert Moskowitz <rgm@xxxxxxxxxxxxxxx> wrote:
>
>> 3064446992:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
>> variable lookup failed for CA_default::default_md
>> 3064446992:error:0E06D06C:configuration file routines:NCONF_get_string:no value:crypto/conf/conf_lib.c:275:group=CA_default name=default_md
>
> Well ca(1) wants either an explicit "md" option or a default_md.
> Perhaps it does not yet support ed25519.  You can sign directly
> with "openssl x509", but first try
>
> 	openssl ca -md null
> or
> 	openssl ca -md default
>
> and see if either of those work.

-md null worked:

   openssl ca -config $cadir/openssl-root.cnf -days 3650\
       -extensions v3_intermediate_ca -notext -md null\
       -in $dir/csr/intermediate.csr.$format\
       -out $dir/certs/intermediate.cert.pem

Can't open /root/ca/intermediate/index.txt.attr for reading, No such file or directory
3064946704:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('/root/ca/intermediate/index.txt.attr','r')
3064946704:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number:
            ad:0f:52:5d:91:70:1a:d3
        Validity
            Not Before: Jul 27 16:41:03 2018 GMT
            Not After : Jul 24 16:41:03 2028 GMT
        Subject:
            countryName               = US
            stateOrProvinceName       = MI
            organizationName          = HTT Consulting
            commonName                = Signing CA
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:5F:0C:00:54:DD:A6:EB:61:BD:79:13:0A:2D:EA:0A:19:82:E8:C5
            X509v3 Authority Key Identifier:
                keyid:D6:1B:BA:96:44:EF:F1:07:59:35:A7:F2:77:5F:82:24:21:53:9A:9F

            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Alternative Name:
                email:postmaster@xxxxxxxxxxxxxxx
Certificate is to be certified until Jul 24 16:41:03 2028 GMT (3650 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

There was no file index.txt.attr, but now there is:

# cat index.txt.attr
unique_subject = yes

I don't remember this from my ecdsa work with 1.1.0.

This issue with md is definitely an issue.  I can try -md null on the self-signed root cert, but it seems that this should not even be referenced for ed25519.

But I got my intermediate cert, so on to the next step.

thanks for your help, Viktor.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
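
An added example, not part of the original thread and not OpenSSL's own tooling: a Python pre-check that reads a ca(1) config and reports the two conditions behind the messages above, a CA section with no default_md and a database file with no .attr companion. The parser is a simplified assumption (no .include, no section::name lookups), and SAMPLE, preflight and demo are hypothetical names.

```python
import os, re, tempfile
SAMPLE = """\
# constructed sample, not the poster's openssl-root.cnf
[ ca ]
default_ca = CA_default
[ CA_default ]
dir      = {root}
database = $dir/index.txt
"""

def parse_conf(text):
    """Minimal OpenSSL-config reader: [sections], name = value, # comments."""
    conf, sect = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if m:
            sect = m.group(1)
            conf.setdefault(sect, {})
        elif "=" in line:
            name, value = (p.strip() for p in line.split("=", 1))
            conf[sect][name] = value
    return conf

def expand(conf, sect, value):
    """Expand $name / ${name} from the same section, then the default one."""
    def sub(m):
        name = m.group(1) or m.group(2)
        return expand(conf, sect, conf[sect].get(name, conf["default"].get(name, "")))
    return re.sub(r"\$\{(\w+)\}|\$(\w+)", sub, value)

def preflight(text):
    """List the two conditions behind the messages in the thread."""
    conf = parse_conf(text)
    sect = conf.get("ca", {}).get("default_ca", "CA_default")
    ca, problems = conf.get(sect, {}), []
    if "default_md" not in ca:
        problems.append(f"{sect}::default_md unset, so ca needs an explicit -md")
    db = expand(conf, sect, ca.get("database", ""))
    if db and not os.path.exists(db + ".attr"):
        problems.append(f"{db}.attr missing")
    return problems

def demo():
    with tempfile.TemporaryDirectory() as root:
        before = preflight(SAMPLE.format(root=root))
        with open(os.path.join(root, "index.txt.attr"), "w") as f:
            f.write("unique_subject = yes\n")
        # "default" mirrors the untested `-md default` suggestion in the thread
        return before, preflight(SAMPLE.format(root=root) + "default_md = default\n")
```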



