SSL Signed sertificate

Christian Schulte cs at
Tue Apr 29 11:19:49 EDT 2003

Dmitry Sergienko wrote:

> How can I generate correct signed sertificate? When I invoke
> -newca
> -newreq
> -sign
> Cyrus 2.1.9 doesn't want to process it complaining that unable to load 
> it: TLS engine: cannot load CA data.
Depends on your vesion of openssl! Do you have -newreq-nodes ? If 
yes, use that for the server certificates! Sendmail certificates will 
also require it. If you do not have it, you have to change the -newreg 
target in the script to do the openssl-call with an added option 
-nodes. Something like that:

    # create a certificate request with un-encrypted key
    $REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS
    echo "Request (and private key) is in newreq.pem"

Recent versions of openssl seem to contain -newreq-nodes already however.


More information about the Info-cyrus mailing list