From owner-freebsd-questions@FreeBSD.ORG Tue Feb 22 07:43:52 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 79D2016A4CE for ; Tue, 22 Feb 2005 07:43:52 +0000 (GMT) Received: from mail.iinet.net.au (mail-03.iinet.net.au [203.59.3.35]) by mx1.FreeBSD.org (Postfix) with SMTP id B62C043D41 for ; Tue, 22 Feb 2005 07:43:50 +0000 (GMT) (envelope-from forums@jefferyfernandez.id.au) Received: (qmail 15276 invoked from network); 22 Feb 2005 07:43:49 -0000 Received: from unknown (HELO ?10.1.1.66?) (203.173.46.98) by mail.iinet.net.au with SMTP; 22 Feb 2005 07:43:49 -0000 Message-ID: <421AE2B4.4060307@jefferyfernandez.id.au> Date: Tue, 22 Feb 2005 18:43:48 +1100 From: Jeffery Fernandez User-Agent: Mozilla Thunderbird 0.9 (X11/20041103) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <4217E846.9090604@jefferyfernandez.id.au> In-Reply-To: <4217E846.9090604@jefferyfernandez.id.au> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: Creating CA with CA.pl X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Feb 2005 07:43:52 -0000 Jeffery Fernandez wrote: > Hi all, > > I am following a tutorial on creating a CA on my FreeBSD 5.3 > development box. The tutorial can be found at > http://www.freebsddiary.org/openssl-client-authentication.php > > I had a problem on signing the certificate as explained in this forum > thread: http://www.freebsddiary.org/phorum/read.php?f=1&i=9702&t=9694 > > But now I have traced back the problem to the fourth step of that > article. So when I execute > > perl CA.pl -newca > > > I get to enter the details of the certificate.. but when I completed > entering the details for > > Email Address []:me@mydomain.com > > I get the following output: > > unknown option -next_serial > usage: x509 args > -inform arg - input format - default PEM (one of DER, NET or PEM) > -outform arg - output format - default PEM (one of DER, NET or PEM) > -keyform arg - private key format - default PEM > -CAform arg - CA format - default PEM > -CAkeyform arg - CA key format - default PEM > -in arg - input file - default stdin > -out arg - output file - default stdout > -passin arg - private key password source > -serial - print serial number value > -hash - print hash value > -subject - print subject DN > -issuer - print issuer DN > -email - print email address(es) > -startdate - notBefore field > -enddate - notAfter field > -purpose - print out certificate purposes > -dates - both Before and After dates > -modulus - print the RSA key modulus > -pubkey - output the public key > -fingerprint - print the certificate fingerprint > -alias - output certificate alias > -noout - no certificate output > -ocspid - print OCSP hash values for the subject name and > public key > -trustout - output a "trusted" certificate > -clrtrust - clear all trusted purposes > -clrreject - clear all rejected purposes > -addtrust arg - trust certificate for a given purpose > -addreject arg - reject certificate for a given purpose > -setalias arg - set certificate alias > -days arg - How long till expiry of a signed certificate - def > 30 days > -checkend arg - check whether the cert expires in the next arg seconds > exit 1 if so, 0 if not > -signkey arg - self sign cert with arg > -x509toreq - output a certification request object > -req - input is a certificate request, sign and output. > -CA arg - set the CA certificate, must be PEM format. > -CAkey arg - set the CA key, must be PEM format > missing, it is assumed to be in the CA file. > -CAcreateserial - create serial number file if it does not exist > -CAserial arg - serial file > -set_serial - serial number to use > -text - print the certificate in text form > -C - print out C code forms > -md2/-md5/-sha1/-mdc2 - digest to use > -extfile - configuration file with X509V3 extensions to add > -extensions - section from config file with X509V3 extensions to add > -clrext - delete extensions before signing and input certificate > -nameopt arg - various certificate name options > -engine e - use engine e, possibly a hardware device. > -certopt arg - various certificate text options > > > I have googled for the "unknown option -next_serial" string with no > results. I also opened CA.pl and found "-next_serial" to be present on > line 108. Anyone have a clue why its failing on that line of code ? I > beleive the signing of the certificate is not working properly because > of this. Appreciate your help. > > cheers, > Jeffery > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > > :( anyone ?