[Pkg-openssl-devel] Possible malfunction?
Pontus Edvardsson
pontus.edvardsson at bredband.net
Thu May 16 12:07:52 BST 2019
Hi,
first, I don't primarily contact you for support. I know the ways
around that. I suspect there might be a problem in the current build of
openssl for Debian Stretch, and would like your view of it prior filing
a bug report (which can be lengthy processes).
I have set up a script suite to create my own CA, intermediate and
client certificates with openssl. This all works great, apart from two
things I cannot seem to make work, and thus wonder if they in fact do
work, or not.
I have also posted to the debian forums, but no one seems eager to
answer this type of question. Hope you'll find it interesting enough,
and could tell the difference between me doing it wrong and a possible
malfunction.
1. I run the scripts as sudo, if that may affect anything below
2. I use a fairly standard openssl.cnf
3. The RANDFILE is always created in "/root", no matter what path I set
in the config.
>> RANDFILE = /root/RADIUS/CA/.rnd # private random number file
4. The crl (certificate revocation file) is not created at all. No
error, but just don't created in the file system.
>>openssl ca -config /root/RADIUS/CA/openssl.conf -gencrl -out
/root/RADIUS/CA/crl/crl.pem -passin
file:/root/RADIUS/CA/passphrases/CAkey.pem.file
Thanks, Pontus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-openssl-devel/attachments/20190516/2dc739cb/attachment.html>
More information about the Pkg-openssl-devel
mailing list