Доброго дня суток, all.
Пытаюсь создать CA сертификат в OpenSSL, но к сожалению ничего не получается.
Корневой сертификат создаю с помощью CA.sh (так же пробовал CA.pl).
В openssl.cnf вносил минимальные настройки такие как: [ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = RU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Russia
localityName = Locality Name (eg, city)
localityName_default =
0.organizationName = Organization Name (eg, company)
0.organizationName_default = MY
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = IT
commonName = Common Name (eg, your name or your server\'s h
ostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
# SET-ex3 = SET extension number 3
при создании сертификата с помощью CA -newca получаю следующее:
./CA.sh -newca
CA certificate filename (or enter to create)
Making CA certificate ...
Generating a 1024 bit RSA private key
............++++++
............................++++++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/./cakey.pem:
20940:error:28069065:lib(40):UI_set_result:result too small:ui_lib.c:849:You must type in 4 to 8191 characters
Enter pass phrase for ./demoCA/private/./cakey.pem:
Error reading certificate request in ./demoCA/./careq.pem
20940:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: CERTIFICATE REQUEST
Пользовался этой статьей http://www-theorie.physik.unizh.ch/~dpotter/howto/certificates
может кто подскажет, в чем проблема и что можно еще почитать по настройке OpenSSL.
Благодарю за любые ответы.
Вариант для распечатки
OpenNET: Виртуальная конференция (Public)
(ok) on 16-Июл-08, 18:43 
