Error Opening Ca Private Key /etc/ssl/private/cakey.pem
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring developers or posting ads with us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of 4.7 million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up Error opening CA private key on Ubuntu up vote 1 down vote favorite 1 I am trying to create a self-signed certificate using OpenSSL on Ubuntu 14.04. When I enter the command openssl ca -in tempreq.pem -out server_crt.pem, I get the following error: Using configuration from /root/myCA/caconfig.cnf **Error opening CA private key** ~/myCA/private/cakey.pem 139754719667872:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('~/myCA/private/cakey.pem','r') 139754719667872:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400: unable to load CA private key I have already verified that nano ~/myCA/private/cakey.pem command opens the cakey.pem file, and that the read permission for this file is enabled. Any help will be appreciated. Thanks! ubuntu openssl self-signed share|improve this question edited Jan 13 '15 at 19:41 jww 35.4k21112224 asked Jan 11 '15 at 19:31 Neo_999 816 1 This question appears to be off-topic because it is not about programming or development. Perhaps Super User or Ubuntu Stack Exchange would be a better place to ask. –jww Jan 13 '15 at 19:40 add a comment| 1 Answer 1 active oldest votes up vote 2 down vote accepted You seem to be running as root, check that you haven't accidentally followed the instructions on the ubuntu.com OpenSSL article too literally and set the dir param in /root/myCA/caconfig.cnf to /home/root/myCA. This as the root home dir differs from all other home directories by residing in the top folder. So if you have set it to /home/root/myCA, that is not valid, you have to change it to /root/myCA. Edit (as this was the problem): Using "~" in the configuration might not work as it might not be expanded properly by openssl.
Get Kubuntu Get Xubuntu Get Lubuntu Get UbuntuStudio Get Mythbuntu Get Edubuntu Get Ubuntu-GNOME Get UbuntuKylin Ubuntu Code of Conduct Ubuntu Wiki Community Wiki Other Support Launchpad Answers Ubuntu IRC Support AskUbuntu Official Documentation User Documentation Social Media Facebook Twitter Useful Links Distrowatch Bugs: Ubuntu PPAs: Ubuntu Web Upd8: Ubuntu OMG! Ubuntu Ubuntu Insights Planet Ubuntu Activity Page Please read before SSO login Advanced Search Forum The Ubuntu Forum Community Ubuntu Specialised Support Ubuntu Servers, Cloud and Juju Server Platforms [ubuntu] Trying to configure a CA Having an Issue With Posting ? Do you want to help us debug the posting issues ? < is the place to report it, thanks ! Page http://stackoverflow.com/questions/27891193/error-opening-ca-private-key-on-ubuntu 1 of 2 12 Last Jump to page: Results 1 to 10 of 17 Thread: Trying to configure a CA Thread Tools Show Printable Version Subscribe to this Thread… Display Linear Mode Switch to Hybrid Mode Switch to Threaded Mode November 20th, 2011 #1 jaywatkins View Profile View Forum Posts Private Message Visit Homepage A Carafe of Ubuntu Join Date Dec 2005 Location Philly PA, USA Beans 90 DistroUbuntu 11.10 Oneiric Ocelot Trying to configure https://ubuntuforums.org/showthread.php?t=1883758 a CA Hello, I am trying to setup a CA on my Ubuntu Server (11.10) VM for purposes of secure Postfix/Dovecot. I started by following the tutorial on the Ubuntu Server Guide at; https://help.ubuntu.com/11.10/server...cate-authority I have followed the instructions on the page verbatim (literally via copy and paste) and requesting a cert from the CA fails with the following output. root@ns:/home/spongebob# sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf Using configuration from /etc/ssl/openssl.cnf Enter pass phrase for /etc/ssl//private/cakey.pem: CA certificate and CA private key do not match 3074242712:error:0B080074509 certificate routines:X509_check_private_key:key values mismatch509_cmp.c:318: I am not great with certificates, which is why I am trying to learn, but would like to figure this one out. I have tried repeating the steps for creating a public/private key then moving them to the associated directories, with no luck. Anyone out there come across this error. I did report this to the ubuntu-docs folks as a possible bug. Thanks I'm tryin... Adv Reply November 20th, 2011 #2 hawkmage View Profile View Forum Posts Private Message Dipped in Ubuntu Join Date Dec 2010 Beans 572 DistroUbuntu 12.04 Precise Pangolin Re: Trying to configure a CA OK, this is a bit involved. Playing around with OpenSSL to create a three level set of CA certificates which involve a Root, intermediary and issuing certificates. What I did was the following
set a ssl certificate authority on a second installation of ispconfig I get this error when doing openssl ca Code: [[emailprotected] ~]# openssl ca Using configuration from /etc/pki/tls/openssl.cnf Error opening CA https://www.howtoforge.com/community/threads/ssl-problems.19200/ private key ../../CA/private/cakey.pem 30739:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('../../CA/private/cakey.pem','r') 30739:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354: unable to load CA private key [[emailprotected] ~]# Is there a reason why this is? Does the perfect install for http://unix.stackexchange.com/questions/73836/failed-to-sign-csr-with-the-ca-root-key centos 5.1 cause this somehow? Rockdrala, Jan 9, 2008 #1 till Super Moderator Staff Member ISPConfig Developer For me it looks as if you have to create a openssl key for the error opening ca first. till, Jan 9, 2008 #2 Rockdrala New Member Im following instructions from http://mia.ece.uic.edu/~papers/volans/settingupCA.html set two quotes Openssl has a global configuration file that it uses. To find out the location of this file use [emailprotected]:~> openssl ca Using configuration from /usr/share/ssl/openssl.cnf ---SNIP-- This file has some useful sections.. Take a look at it. Pretty much self explanatory. Let us now start making our error opening ca own Certificate Authority So im assuming "openssl ca" is supposed to show global configurations. i cant go to step 3 if step 2 doesnt have the global configuration files it needs :O I remember making symlinks in the Perfect setup guide for centos 5.1 as instructed. Thats why im asking. Last edited: Jan 9, 2008 Rockdrala, Jan 9, 2008 #3 till Super Moderator Staff Member ISPConfig Developer The global configuration file in your case is: /etc/pki/tls/openssl.cnf But if you just want to use SSL certificates in ISPConfig websites, I recommend to use the builtin functions of ISPConfig to create a csr and certificate. till, Jan 9, 2008 #4 Rockdrala New Member So this sets up a CA in ISPconfig? Here is my goal. I have ns1 and ns2 on different boxes. my ns1 hosts websites as well. They both have ispconfig installed on them. Since my ns2 ISPconfig doesnt do anything but be a slave for ns1 i want it to hande Certification Authority. This where im getting stuck on this step. The second server does not handle webhosting. It justs a nameserver "ns2" So im trying to make it handle Certification Aut
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring developers or posting ads with us Unix & Linux Questions Tags Users Badges Unanswered Ask Question _ Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un*x-like operating systems. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top Failed to sign CSR with the CA root key up vote 1 down vote favorite 1 I'm trying to implement Mutual Certificate Authentication , I have to be the CA and server at the same time , generate certificates and sign them for users. and I'm following this tutorial which is a very simple one comparing to the complicated articles on the web , steps are : The process for creating your own certificate authority is pretty straight forward: Create a private key Self-sign Install root CA on your various workstations // ???? Once you do that, every device that you manage via HTTPS just needs to have its own certificate created with the following steps: Create CSR for device Sign CSR with root CA key /// THIS STEP Create the Root Key : openssl genrsa -out rootCA.key 2048 self-sign this certificate. openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem Create A Certificate (Done Once Per Device) : openssl genrsa -out device.key 2048 openssl req -new -key device.key -out device.csr openssl x509 -req -in device.csr -CA root.pem -CAkey root.key -CAcreateserial -out device.crt -days 500 The last command is giving me this error : Signature ok subject=/C=XX/L=Default City/O=Default Company Ltd/CN=192.168.1.108 Error opening CA Certificate root.pem 307