Creating CA with CA.pl
Jeffery Fernandez
forums at jefferyfernandez.id.au
Tue Feb 22 07:43:52 GMT 2005
Jeffery Fernandez wrote:
> Hi all,
>
> I am following a tutorial on creating a CA on my FreeBSD 5.3
> development box. The tutorial can be found at
> http://www.freebsddiary.org/openssl-client-authentication.php
>
> I had a problem on signing the certificate as explained in this forum
> thread: http://www.freebsddiary.org/phorum/read.php?f=1&i=9702&t=9694
>
> But now I have traced back the problem to the fourth step of that
> article. So when I execute
>
> perl CA.pl -newca
>
>
> I get to enter the details of the certificate.. but when I completed
> entering the details for
>
> Email Address []:me at mydomain.com
>
> I get the following output:
>
> unknown option -next_serial
> usage: x509 args
> -inform arg - input format - default PEM (one of DER, NET or PEM)
> -outform arg - output format - default PEM (one of DER, NET or PEM)
> -keyform arg - private key format - default PEM
> -CAform arg - CA format - default PEM
> -CAkeyform arg - CA key format - default PEM
> -in arg - input file - default stdin
> -out arg - output file - default stdout
> -passin arg - private key password source
> -serial - print serial number value
> -hash - print hash value
> -subject - print subject DN
> -issuer - print issuer DN
> -email - print email address(es)
> -startdate - notBefore field
> -enddate - notAfter field
> -purpose - print out certificate purposes
> -dates - both Before and After dates
> -modulus - print the RSA key modulus
> -pubkey - output the public key
> -fingerprint - print the certificate fingerprint
> -alias - output certificate alias
> -noout - no certificate output
> -ocspid - print OCSP hash values for the subject name and
> public key
> -trustout - output a "trusted" certificate
> -clrtrust - clear all trusted purposes
> -clrreject - clear all rejected purposes
> -addtrust arg - trust certificate for a given purpose
> -addreject arg - reject certificate for a given purpose
> -setalias arg - set certificate alias
> -days arg - How long till expiry of a signed certificate - def
> 30 days
> -checkend arg - check whether the cert expires in the next arg seconds
> exit 1 if so, 0 if not
> -signkey arg - self sign cert with arg
> -x509toreq - output a certification request object
> -req - input is a certificate request, sign and output.
> -CA arg - set the CA certificate, must be PEM format.
> -CAkey arg - set the CA key, must be PEM format
> missing, it is assumed to be in the CA file.
> -CAcreateserial - create serial number file if it does not exist
> -CAserial arg - serial file
> -set_serial - serial number to use
> -text - print the certificate in text form
> -C - print out C code forms
> -md2/-md5/-sha1/-mdc2 - digest to use
> -extfile - configuration file with X509V3 extensions to add
> -extensions - section from config file with X509V3 extensions to add
> -clrext - delete extensions before signing and input certificate
> -nameopt arg - various certificate name options
> -engine e - use engine e, possibly a hardware device.
> -certopt arg - various certificate text options
>
>
> I have googled for the "unknown option -next_serial" string with no
> results. I also opened CA.pl and found "-next_serial" to be present on
> line 108. Anyone have a clue why its failing on that line of code ? I
> beleive the signing of the certificate is not working properly because
> of this. Appreciate your help.
>
> cheers,
> Jeffery
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
>
>
:( anyone ?
More information about the freebsd-questions
mailing list