Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
HELP - virt-mail-howto fails making certs - SOLVED
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Moriah
Advocate
Advocate


Joined: 27 Mar 2004
Posts: 2115
Location: Kentucky

PostPosted: Fri Jun 21, 2013 8:06 pm    Post subject: HELP - virt-mail-howto fails making certs - SOLVED Reply with quote

This post is almost a duplicate of:

https://forums.gentoo.org/viewtopic-t-961704-highlight-.html?sid=cdeca8d7132fad13b4085d02b5221302

In a nutshell:
Code:

hophni courier-imap # cd /etc/ssl/
hophni ssl # cd misc
hophni misc # ./CA.pl -newreq-nodes
Generating a 1024 bit RSA private key
.............................++++++
....................................................++++++
writing new private key to 'newkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [KY]:
Locality Name [Warsaw]:
Organization Name [Elijah Laboratories Inc.]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) [elilabs.com]:
Email Address [root@elilabs.com]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Request is in newreq.pem, private key is in newkey.pem
hophni misc # ./CA.pl -newca
hophni misc # ./CA.pl -sign
Using configuration from /etc/ssl/openssl.cnf
unable to load CA private key
139656827946664:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: ANY PRIVATE KEY
Signed certificate is in newcert.pem
hophni misc # updatedb
hophni misc # locate newcert.pem
hophni misc #

So something is buggered up in CA.pl -sign, and the error message is a programmer's debug printf, not something meaningful to anyone else. Can anyone decrypt the above error message and figure out how to make CA.pl -sign happy? Looks like it wants some kind of private key... :?
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword

Foghorn Leghorn is a Warner Bros. cartoon character.


Last edited by Moriah on Sun Jun 23, 2013 2:12 am; edited 1 time in total
Back to top
View user's profile Send private message
Moriah
Advocate
Advocate


Joined: 27 Mar 2004
Posts: 2115
Location: Kentucky

PostPosted: Sun Jun 23, 2013 2:11 am    Post subject: Reply with quote

Apparently, the directions in the howto at:

http://www.gentoo.org/doc/en/virt-mail-howto.xml

omitted a step. :evil:

By examining the CA.pl script (which was a hack over 15 years ago that is still with us!), I saw that ./CA.pl -newcert was required after ./CA.pl -newca before ./CA.pl -sign. Once I did that, it all worked.

Lets get someone to fix the docs at the above URL, Please! :roll:
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword

Foghorn Leghorn is a Warner Bros. cartoon character.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum