[Pkg-openssl-devel] Possible malfunction?

Pontus Edvardsson pontus.edvardsson at bredband.net
Thu May 16 12:07:52 BST 2019


Hi,

first, I don't primarily contact you for support. I know the ways 
around that. I suspect there might be a problem in the current build of 
openssl for Debian Stretch, and would like your view of it prior filing 
a bug report (which can be lengthy processes).

I have set up a script suite to create my own CA, intermediate and 
client certificates with openssl. This all works great, apart from two 
things I cannot seem to make work, and thus wonder if they in fact do 
work, or not.

I have also posted to the debian forums, but no one seems eager to 
answer this type of question. Hope you'll find it interesting enough, 
and could tell the difference between me doing it wrong and a possible 
malfunction.

1. I run the scripts as sudo, if that may affect anything below

2. I use a fairly standard openssl.cnf

3. The RANDFILE is always created in "/root", no matter what path I set 
in the config.
 >> RANDFILE	=	/root/RADIUS/CA/.rnd		# private random number file

4. The crl (certificate revocation file) is not created at all. No 
error, but just don't created in the file system.

 >>openssl ca -config /root/RADIUS/CA/openssl.conf -gencrl -out 
/root/RADIUS/CA/crl/crl.pem -passin 
file:/root/RADIUS/CA/passphrases/CAkey.pem.file

Thanks, Pontus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-openssl-devel/attachments/20190516/2dc739cb/attachment.html>


More information about the Pkg-openssl-devel mailing list