From owner-freebsd-questions@FreeBSD.ORG  Sun Feb 20 01:31:03 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3438E16A4CE
	for <freebsd-questions@freebsd.org>;
	Sun, 20 Feb 2005 01:31:03 +0000 (GMT)
Received: from mail.iinet.net.au (mail-09.iinet.net.au [203.59.3.41])
	by mx1.FreeBSD.org (Postfix) with SMTP id A7E2643D55
	for <freebsd-questions@freebsd.org>;
	Sun, 20 Feb 2005 01:31:01 +0000 (GMT)
	(envelope-from forums@jefferyfernandez.id.au)
Received: (qmail 3652 invoked from network); 20 Feb 2005 01:30:47 -0000
Received: from unknown (HELO ?10.1.1.66?) (203.173.46.98)
  by mail.iinet.net.au with SMTP; 20 Feb 2005 01:30:47 -0000
Message-ID: <4217E846.9090604@jefferyfernandez.id.au>
Date: Sun, 20 Feb 2005 12:30:46 +1100
From: Jeffery Fernandez <forums@jefferyfernandez.id.au>
User-Agent: Mozilla Thunderbird 0.9 (X11/20041103)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.1
Subject: Creating CA with CA.pl
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Feb 2005 01:31:03 -0000

Hi all,

I am following a tutorial on creating a CA on my FreeBSD 5.3 development 
box. The tutorial can be found at 
http://www.freebsddiary.org/openssl-client-authentication.php

I had a problem on signing the certificate as explained in this forum 
thread: http://www.freebsddiary.org/phorum/read.php?f=1&i=9702&t=9694

But now I have traced back the problem to the fourth step of that 
article. So when I execute

perl CA.pl -newca


I get to enter the details of the certificate.. but when I completed 
entering the details for

Email Address []:me@mydomain.com

I get the following output:

unknown option -next_serial
usage: x509 args
 -inform arg     - input format - default PEM (one of DER, NET or PEM)
 -outform arg    - output format - default PEM (one of DER, NET or PEM)
 -keyform arg    - private key format - default PEM
 -CAform arg     - CA format - default PEM
 -CAkeyform arg  - CA key format - default PEM
 -in arg         - input file - default stdin
 -out arg        - output file - default stdout
 -passin arg     - private key password source
 -serial         - print serial number value
 -hash           - print hash value
 -subject        - print subject DN
 -issuer         - print issuer DN
 -email          - print email address(es)
 -startdate      - notBefore field
 -enddate        - notAfter field
 -purpose        - print out certificate purposes
 -dates          - both Before and After dates
 -modulus        - print the RSA key modulus
 -pubkey         - output the public key
 -fingerprint    - print the certificate fingerprint
 -alias          - output certificate alias
 -noout          - no certificate output
 -ocspid         - print OCSP hash values for the subject name and 
public key
 -trustout       - output a "trusted" certificate
 -clrtrust       - clear all trusted purposes
 -clrreject      - clear all rejected purposes
 -addtrust arg   - trust certificate for a given purpose
 -addreject arg  - reject certificate for a given purpose
 -setalias arg   - set certificate alias
 -days arg       - How long till expiry of a signed certificate - def 30 
days
 -checkend arg   - check whether the cert expires in the next arg seconds
                   exit 1 if so, 0 if not
 -signkey arg    - self sign cert with arg
 -x509toreq      - output a certification request object
 -req            - input is a certificate request, sign and output.
 -CA arg         - set the CA certificate, must be PEM format.
 -CAkey arg      - set the CA key, must be PEM format
                   missing, it is assumed to be in the CA file.
 -CAcreateserial - create serial number file if it does not exist
 -CAserial arg   - serial file
 -set_serial     - serial number to use
 -text           - print the certificate in text form
 -C              - print out C code forms
 -md2/-md5/-sha1/-mdc2 - digest to use
 -extfile        - configuration file with X509V3 extensions to add
 -extensions     - section from config file with X509V3 extensions to add
 -clrext         - delete extensions before signing and input certificate
 -nameopt arg    - various certificate name options
 -engine e       - use engine e, possibly a hardware device.
 -certopt arg    - various certificate text options


I have googled for the "unknown option -next_serial" string with no 
results. I also opened CA.pl and found "-next_serial" to be present on 
line 108. Anyone have a clue why its failing on that line of code ? I 
beleive the signing of the certificate is not working properly because 
of this. Appreciate your help.

cheers,
Jeffery