
Creating CA with CA.pl - FreeBSD

  1. #1

    Creating CA with CA.pl

    Hi all,

    I am following a tutorial on creating a CA on my FreeBSD 5.3 development
    box. The tutorial can be found at
    http://www.freebsddiary.org/openssl-client-authentication.php

    I had a problem on signing the certificate as explained in this forum
    thread: http://www.freebsddiary.org/phorum/read.php?f=1&i=9702&t=9694

    But now I have traced back the problem to the fourth step of that
    article. So when I execute

    perl CA.pl -newca


    I get to enter the details of the certificate.. but when I completed
    entering the details for

    Email Address []:memydomain.com

    I get the following output:

    unknown option -next_serial
    usage: x509 args
    -inform arg - input format - default PEM (one of DER, NET or PEM)
    -outform arg - output format - default PEM (one of DER, NET or PEM)
    -keyform arg - private key format - default PEM
    -CAform arg - CA format - default PEM
    -CAkeyform arg - CA key format - default PEM
    -in arg - input file - default stdin
    -out arg - output file - default stdout
    -passin arg - private key password source
    -serial - print serial number value
    -hash - print hash value
    -subject - print subject DN
    -issuer - print issuer DN
    -email - print email address(es)
    -startdate - notBefore field
    -enddate - notAfter field
    -purpose - print out certificate purposes
    -dates - both Before and After dates
    -modulus - print the RSA key modulus
    -pubkey - output the public key
    -fingerprint - print the certificate fingerprint
    -alias - output certificate alias
    -noout - no certificate output
    -ocspid - print OCSP hash values for the subject name and
    public key
    -trustout - output a "trusted" certificate
    -clrtrust - clear all trusted purposes
    -clrreject - clear all rejected purposes
    -addtrust arg - trust certificate for a given purpose
    -addreject arg - reject certificate for a given purpose
    -setalias arg - set certificate alias
    -days arg - How long till expiry of a signed certificate - def 30
    days
    -checkend arg - check whether the cert expires in the next arg seconds
    exit 1 if so, 0 if not
    -signkey arg - self sign cert with arg
    -x509toreq - output a certification request object
    -req - input is a certificate request, sign and output.
    -CA arg - set the CA certificate, must be PEM format.
    -CAkey arg - set the CA key, must be PEM format
    missing, it is assumed to be in the CA file.
    -CAcreateserial - create serial number file if it does not exist
    -CAserial arg - serial file
    -set_serial - serial number to use
    -text - print the certificate in text form
    -C - print out C code forms
    -md2/-md5/-sha1/-mdc2 - digest to use
    -extfile - configuration file with X509V3 extensions to add
    -extensions - section from config file with X509V3 extensions to add
    -clrext - delete extensions before signing and input certificate
    -nameopt arg - various certificate name options
    -engine e - use engine e, possibly a hardware device.
    -certopt arg - various certificate text options


    I have googled for the "unknown option -next_serial" string with no
    results. I also opened CA.pl and found "-next_serial" to be present on
    line 108. Anyone have a clue why it's failing on that line of code? I
    believe the signing of the certificate is not working properly because
    of this. Appreciate your help.

    cheers,
    Jeffery
    Jeffery Fernandez Guest

  2. #2

    Re: Creating CA with CA.pl

    :( anyone ?
    Jeffery Fernandez Guest

  3. #3

    Re: Creating CA with CA.pl

    Jeffery Fernandez wrote:
    > I am following a tutorial on creating a CA on my FreeBSD 5.3 development
    > box. The tutorial can be found at
    > http://www.freebsddiary.org/openssl-client-authentication.php
    >
    > I had a problem on signing the certificate as explained in this forum
    > thread: http://www.freebsddiary.org/phorum/read.php?f=1&i=9702&t=9694
    Don't know about CA.pl, but try doing it manually. You should first edit
    the openssl.conf, make a directory structure for your CA, set up files...
    (man ca) then do something like this:

    openssl req -new -x509 -keyout ca.key -out ca.pem -days 3650

    Look around; there are many tutorials, guides, a Linux HOWTO... on the
    net, it's not related to FreeBSD.

    --

    Regards,
    Karel Miklav

    Karel Miklav Guest
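
The manual route suggested in the reply above, as an added example that is not part of the original thread: it creates the files `openssl ca` expects and runs the same `openssl req -new -x509` command, writing the serial file directly so no `x509 -next_serial` call is involved. The function names, the script name and the `demoCA` file names (taken from the stock `[ CA_default ]` section) are assumptions; match them to your own openssl configuration.

```shell
#!/bin/sh
# Added example: manual equivalent of "CA.pl -newca" (not from the thread).
# File names follow the stock [ CA_default ] section (dir = ./demoCA);
# they are assumptions, adjust them to your own openssl configuration.

# Create the directory tree and bookkeeping files "openssl ca" expects.
# Safe to re-run: an existing database or serial file is left untouched.
ca_layout() {
    top=$1
    mkdir -p "$top/certs" "$top/crl" "$top/newcerts" "$top/private" || return 1
    [ -f "$top/index.txt" ] || : > "$top/index.txt" || return 1   # empty cert database
    [ -f "$top/serial" ] || echo 01 > "$top/serial" || return 1   # next serial, even-length hex
    chmod 700 "$top/private"                    # CA key directory: owner only
}

# Generate the CA key and self-signed certificate with the command from the
# reply. Extra arguments are passed through to "openssl req" (e.g. -subj);
# with none, openssl prompts for the key passphrase and the DN fields.
ca_selfsign() {
    top=$1
    shift
    ( umask 077    # the key file is owner-only from the moment it is created
      openssl req -new -x509 -days 3650 \
          -keyout "$top/private/cakey.pem" -out "$top/cacert.pem" "$@" ) || return 1
    chmod 644 "$top/cacert.pem"                 # the certificate itself is public
}

# Usage (hypothetical script name): sh newca.sh ./demoCA
if [ "$#" -gt 0 ]; then
    ca_layout "$1" && ca_selfsign "$1"
fi
```
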

  4. #4

    re: Creating CA with CA.pl

    >unknown option -next_serial

    I got this because I got CA.pl from a version of openssl-0.9.7e+.
    My system openssl, however, was a previous version, so didn't support
    this option.

    Solution:
    Either use an older version of CA.pl or update the system openssl.

    F
    Fran Guest
