Date: Sun, 20 Feb 2005 12:30:46 +1100 From: Jeffery Fernandez <forums@jefferyfernandez.id.au> To: freebsd-questions@freebsd.org Subject: Creating CA with CA.pl Message-ID: <4217E846.9090604@jefferyfernandez.id.au>
next in thread | raw e-mail | index | archive | help
Hi all, I am following a tutorial on creating a CA on my FreeBSD 5.3 development box. The tutorial can be found at http://www.freebsddiary.org/openssl-client-authentication.php I had a problem on signing the certificate as explained in this forum thread: http://www.freebsddiary.org/phorum/read.php?f=1&i=9702&t=9694 But now I have traced back the problem to the fourth step of that article. So when I execute perl CA.pl -newca I get to enter the details of the certificate.. but when I completed entering the details for Email Address []:me@mydomain.com I get the following output: unknown option -next_serial usage: x509 args -inform arg - input format - default PEM (one of DER, NET or PEM) -outform arg - output format - default PEM (one of DER, NET or PEM) -keyform arg - private key format - default PEM -CAform arg - CA format - default PEM -CAkeyform arg - CA key format - default PEM -in arg - input file - default stdin -out arg - output file - default stdout -passin arg - private key password source -serial - print serial number value -hash - print hash value -subject - print subject DN -issuer - print issuer DN -email - print email address(es) -startdate - notBefore field -enddate - notAfter field -purpose - print out certificate purposes -dates - both Before and After dates -modulus - print the RSA key modulus -pubkey - output the public key -fingerprint - print the certificate fingerprint -alias - output certificate alias -noout - no certificate output -ocspid - print OCSP hash values for the subject name and public key -trustout - output a "trusted" certificate -clrtrust - clear all trusted purposes -clrreject - clear all rejected purposes -addtrust arg - trust certificate for a given purpose -addreject arg - reject certificate for a given purpose -setalias arg - set certificate alias -days arg - How long till expiry of a signed certificate - def 30 days -checkend arg - check whether the cert expires in the next arg seconds exit 1 if so, 0 if not -signkey arg - self sign cert with arg -x509toreq - output a certification request object -req - input is a certificate request, sign and output. -CA arg - set the CA certificate, must be PEM format. -CAkey arg - set the CA key, must be PEM format missing, it is assumed to be in the CA file. -CAcreateserial - create serial number file if it does not exist -CAserial arg - serial file -set_serial - serial number to use -text - print the certificate in text form -C - print out C code forms -md2/-md5/-sha1/-mdc2 - digest to use -extfile - configuration file with X509V3 extensions to add -extensions - section from config file with X509V3 extensions to add -clrext - delete extensions before signing and input certificate -nameopt arg - various certificate name options -engine e - use engine e, possibly a hardware device. -certopt arg - various certificate text options I have googled for the "unknown option -next_serial" string with no results. I also opened CA.pl and found "-next_serial" to be present on line 108. Anyone have a clue why its failing on that line of code ? I beleive the signing of the certificate is not working properly because of this. Appreciate your help. cheers, Jeffery
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4217E846.9090604>