Error Opening Ca Private Key /etc/pki/ca/private/cakey.pem
set a ssl certificate authority on a second installation of ispconfig

I get this error when doing openssl ca

Code:
[[emailprotected] ~]# openssl ca
Using configuration from /etc/pki/tls/openssl.cnf
Error opening CA private key ../../CA/private/cakey.pem
30739:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('../../CA/private/cakey.pem','r')
30739:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
unable to load CA private key
[[emailprotected] ~]#

Is there a reason why this is? Does the perfect install for centos 5.1 cause this somehow?

Rockdrala, Jan 9, 2008 #1

till (Super Moderator, Staff Member, ISPConfig Developer)

For me it looks as if you have to create an openssl key for the ca first.

till, Jan 9, 2008 #2

Rockdrala (New Member)

I'm following instructions from http://mia.ece.uic.edu/~papers/volans/settingupCA.html

set two quotes:

    Openssl has a global configuration file that it uses. To find out the location of this file use

    [emailprotected]:~> openssl ca
    Using configuration from /usr/share/ssl/openssl.cnf
    ---SNIP--

    This file has some useful sections.. Take a look at it. Pretty much self explanatory. Let us now start making our own Certificate Authority

So I'm assuming "openssl ca" is supposed to show global configurations. I can't go to step 3 if step 2 doesn't have the global configuration files it needs :O

I remember making symlinks in the Perfect setup guide for centos 5.1 as instructed. That's why I'm asking.

Rockdrala, Jan 9, 2008 #3

till (Super Moderator, Staff Member, ISPConfig Developer)

The global configuration file in your case is:

/etc/pki/tls/openssl.cnf

But if you just want to use SSL certificates in ISPConfig websites, I recommend using the built-in functions of ISPConfig to create a csr and certificate.

till, Jan 9, 2008 #4

Rockdrala (New Member)

So this sets up a CA in ISPconfig? Here is my goal. I have ns1 and ns2 on different boxes. my ns1 hosts websites as well. They both have ispconfig in
https://www.howtoforge.com/community/threads/ssl-problems.19200/

Error opening CA private key on Ubuntu

http://stackoverflow.com/questions/27891193/error-opening-ca-private-key-on-ubuntu

I am trying to create a self-signed certificate using OpenSSL on Ubuntu 14.04. When I enter the command openssl ca -in tempreq.pem -out server_crt.pem, I get the following error:

Using configuration from /root/myCA/caconfig.cnf
**Error opening CA private key** ~/myCA/private/cakey.pem
139754719667872:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('~/myCA/private/cakey.pem','r')
139754719667872:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load CA private key

I have already verified that the nano ~/myCA/private/cakey.pem command opens the cakey.pem file, and that the read permission for this file is enabled. Any help will be appreciated. Thanks!

Tags: ubuntu, openssl, self-signed

asked Jan 11 '15 at 19:31 by Neo_999; edited Jan 13 '15 at 19:41 by jww

Comment: This question appears to be off-topic because it is not about programming or development. Perhaps Super User or Ubuntu Stack Exchange would be a better place to ask. –jww Jan 13 '15 at 19:40

1 Answer (accepted)

You seem to be running as root; check that you haven't accidentally followed the instructions on the ubuntu.com OpenSSL article too literally and set the dir param in /root/myCA/caconfig.cnf to /home/root/myCA. This is because the root home dir differs from all other home directories by residing in the top folder. So if you have set it to /home/root/myCA, that is not valid; you have to change it to /root/myCA.

Edit (as this was the problem): Using "~" in the configuration might not work as it might not be expanded properly by openssl. If you are, try to use absolute paths instead.

answered Jan 11 '15 at 19:48 by Nicklas Börjesson; edited Feb 6 '15 at 22:07

Comment: Thank you for the reply. Yes, I have taken this into account. I get this error while my dir parameter is
Error opening CA Certificate ca.pem

https://answers.splunk.com/answers/137607/error-opening-ca-certificate-ca.pem.html

I just downloaded a new 6.1 copy of Splunk for FreeBSD. After a wget download and running (tar zxvf splunk-6.1.1-207789-freebsd-7.3-amd64.tgz), I felt I was ready to start Splunk. So I ran ( /opt/splunk/bin/splunk start) and this happened < SEE BELOW >. Any ideas of what might be going on with the ca.pem file issue? I recently upgraded openssl to v1.0.1g. Could that be causing me issues? Or is there some step I've overlooked during the install?

Thanks,

Splunk> Like an F-18, bro.

Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Validated: _audit _blocksignature _internal _introspection _thefishbucket history main summary
Done
New certs have been generated in '/opt/splunk/etc/auth'.
Checking filesystem compatibility... Done
Checking conf files for problems... Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
Done

Starting splunkweb...
Generating certs for splunkweb server
Generating a 1024 bit RSA private key
.....++++++
...........................++++++
writing new private key to 'privKeySecure.pem'
Signature ok
subject=/CN=DOMAIN.NAME/O=SplunkUser
Error opening CA Certificate ca.pem
34377709224:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('ca.pem','r')
34377709224:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load certificate
Command failed (ret=1), exiting.

Tags: install, certificate, ca.pem

Question by albyva, May 26, 2014 at 05:03 PM. Most recent activity: edited by aileencita.

http://makewhatis.com/2012/04/07/setting-up-a-simple-certificate-authority-with-openssl/
follow standards, and am guessing that I will have to use a CA signed cert when setting this up. So in the name of doing things right, I’m going to set up a little CA that I can work with.

Setting up OpenSSL as a Certificate Authority

I set this CA up on Fedora 16, the official AMI on EC2. Right out of the box OpenSSL is ready to act as a CA, so this was not that crazy. There is a perl script that does most of the heavy lifting for you.

The Prereqs

Install the CA.pl with the package openssl-perl

[root@ca ~] yum install openssl-perl

The Setup

First I looked to see what the default CA configuration was in the /etc/pki/tls/openssl.cnf.

[ CA_default ]

dir             = /etc/pki/CA           # Where everything is kept
certs           = $dir/certs            # Where the issued certs are kept
crl_dir         = $dir/crl              # Where the issued crl are kept
database        = $dir/index.txt        # database index file.
#unique_subject = no                    # Set to 'no' to allow creation of
new_certs_dir   = $dir/newcerts         # default place for new certs.

certificate     = $dir/cacert.pem       # The CA certificate
serial          = $dir/serial           # The current serial number
crlnumber       = $dir/crlnumber        # the current crl number
                                        # must be commented out to leave a V1 CRL
crl             = $dir/crl.pem          # The current CRL
private_key     = $dir/private/cakey.pem# The private key
RANDFILE        = $dir/private/.rand    # private random number file

x509_extensions = usr_cert              # The extentions to add to the cert

# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt        = ca_default            # Subject Name options
cert_opt        = ca_default            # Certificate field options

So it looks like the default area for CA stuff is /etc/pki/CA. I saw a ton of guides out there doing things differently, but I find it's generally nice to stick to the defaults the application maintainers steer you to, until you know why it should be different. Looking in CA.pl I can see that they hard-coded that path as well.
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
$DAYS="-days 365";      # 1 year
$CADAYS="-days 1095";   # 3 years
$REQ="$openssl req $SSLEAY_CONFIG";
$CA="$openssl ca $SSLEAY_CONFIG";
$VERIFY="$openssl verify";
$X509="$openssl x509";
$PKCS12="$openssl pkcs12";

$CATOP="/etc/pki/CA";
$CAKEY="cakey.pem";
$CAREQ="careq.pem";
$CACERT="cacert.pem";

$DIRMODE = 0777;

$RET = 0;

In that default directory there are already a few things that were created by default in Fedora; the script will create some directories of its own as well.

[root@ca ~] ls /etc/pki/CA/
certs crl newcerts private

Change into the PKI directory that has the perl script, /etc/pki/tls/misc, and run the script

[roo