Strange, openssl won't generate me a Certificate Authority
  • I am trying to set up postfix to forward mail through my gmail account as my email handler. Gmail is set up to handle my email address for my domain, and all the records are set, but now I need something to forward mail from the server applications. That's where postfix comes into play.

    I have been following a few different tutorials with pretty much the same information:
    http://prantran.blogspot.com/2007/01/getting-postfix-to-work-on-ubuntu-with.html
    http://www.marksanborn.net/linux/send-mail-postfix-through-gmails-smtp-on-a-ubuntu-lts-server/
    http://kirranet.co.nz/content/howto-relay-email-using-ubuntu,-postfix-and-gmail

    The part that is giving me trouble is where it calls to use openssl to create a certificate signing authority. I am signed in with super user status and run

    /usr/lib/ssl/misc/CA.pl -newca
    CA certificate filename (or enter to create)

    After entering a filename, nothing happens. Nothing at all.
    Everywhere says I should be getting an output like this:

    Making CA certificate …
    Generating a 1024 bit RSA private key
    …….++++++
    ……………….++++++
    writing new private key to ‘./demoCA/private/cakey.pem’
    Enter PEM pass phrase: password
    Verifying - Enter PEM pass phrase: password

    Somehow, that doesn't happen. However, when I use it to make something else, like an RSA key, it works fine.
    I tried reinstalling it with apt-get: sudo apt-get install openssl --reinstall, and it reinstalls fine but still does not work.

    This is a slice running Ubuntu 7.10 gutsy with Apache 2, PHP, MySQL, and a few other apps. Install is a few days old.

    Any help or comments would be GREATLY appreciated.
  • CA certificate filename (or enter to create)

    After entering a filename, nothing happens. Nothing at all.

    Yup, you're quite right... the entered filename is for when you want to use an existing certificate, not for naming a new certificate. Don't type anything at all at the prompt, but just (press enter to create [a new CA cert]..) and it should work quite the way you expect... The new files will end up in ./demoCA
  • Hmm, now when I try it nothing at all happens.
    This is what happens when I enter in the string and press enter now.

    username~:sudo /usr/lib/ssl/misc/CA.pl -newca
    username~:

    It just skips down to the next line after pressing enter.

    Strange.
  • Were you running it through sudo before, or did you have a root shell? Sudo might be running with different environmental parameters...
  • You need to remove the existing demoCA directory, which was created the first time around, but only contains blank certificates, keys and so on:

    username~:sudo rm -r demoCA
    username~:sudo /usr/lib/ssl/misc/CA.pl -newca

    The script won't overwrite an already existing set of certs/keys, even if they are empty and invalid.
  • Hah! Fantastic. Simple, but it seems to work fine now.

    Thank you for your help Gadget.
  • Always the simplest things that make my hair go grey.. 8-)
    You're very welcome, glad it worked for you!
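
The fix from this thread written as a pre-flight check, added here as an example and not part of any post: it classifies a leftover demoCA directory and moves a stale one aside instead of deleting it, so a populated CA is never removed by accident. The function names and the `cacert.pem` file name are assumptions; `private/cakey.pem` is the path shown in the thread.

```shell
#!/bin/sh
# Added example: check for a leftover demoCA directory before running
# CA.pl -newca. Function names are hypothetical; file names are assumptions
# based on the ./demoCA/private/cakey.pem path quoted in the thread.

# Print "absent", "stale" or "populated" for the CA directory given as $1.
democa_state() {
    dir=$1
    key="$dir/private/cakey.pem"   # path shown in the thread
    cert="$dir/cacert.pem"         # assumed CA certificate file name
    if [ ! -e "$dir" ]; then
        echo absent
    elif [ -s "$key" ] && [ -s "$cert" ] \
         && grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" \
         && grep -q -e '-----BEGIN CERTIFICATE-----' "$cert"; then
        # Both files are non-empty and carry PEM headers.
        echo populated
    else
        # Directory exists but key or certificate is missing, empty or not PEM:
        # the state left behind by the aborted first run described above.
        echo stale
    fi
}

# Move a stale directory aside (rather than rm -r) so -newca starts clean.
# Refuses to touch a populated CA. Returns 0 when it is safe to run -newca.
prepare_democa() {
    dir=$1
    case $(democa_state "$dir") in
        absent)    return 0 ;;
        stale)     mv "$dir" "$dir.stale.$$" ;;
        populated) echo "refusing: $dir holds a CA key and certificate" >&2
                   return 1 ;;
    esac
}

# Usage (run from the directory that contains demoCA):
#   prepare_democa ./demoCA && /usr/lib/ssl/misc/CA.pl -newca
```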