SSL Signed sertificate
Christian Schulte
cs at schulte.it
Tue Apr 29 11:19:49 EDT 2003
Dmitry Sergienko wrote:
>
> How can I generate correct signed sertificate? When I invoke
> CA.sh -newca
> CA.sh -newreq
> CA.sh -sign
> Cyrus 2.1.9 doesn't want to process it complaining that unable to load
> it: TLS engine: cannot load CA data.
>
Depends on your vesion of openssl! Do you have CA.sh -newreq-nodes ? If
yes, use that for the server certificates! Sendmail certificates will
also require it. If you do not have it, you have to change the -newreg
target in the CA.sh script to do the openssl-call with an added option
-nodes. Something like that:
-newreq-nodes)
# create a certificate request with un-encrypted key
$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS
RET=$?
echo "Request (and private key) is in newreq.pem"
;;
Recent versions of openssl seem to contain -newreq-nodes already however.
--Christian--
More information about the Info-cyrus
mailing list