Setting up plague server - Difficulty w/ SSL setup

Josh Boyer jwboyer at jdub.homelinux.org
Sat Aug 6 02:18:30 UTC 2005 

On Thu, 2005-08-04 at 13:43 -0700, Jesse Keating wrote:
> I'm following the README in the plague package, and I'm having trouble
> w/ step 6 of Configuring SSL for your Build System.
> 
> <quote>
> 6. Sign the build server certificate request with the BSCA certificate
> 
> openssl ca -out server_cert.pem -infiles server_req.pem
> <endquote>
> 
> If I run this, I get:
> 
> [root at plague server]# openssl ca -out server_cert.pem -infiles server_req.pem
> Using configuration from /usr/share/ssl/openssl.cnf
> Error opening CA private key ./demoCA/private/cakey.pem
> 18008:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('./demoCA/private/cakey.pem','r')
> 18008:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
> unable to load CA private key
> 
> 
> So it would seem I need to specify the CA private key so I try:
> 
> [root at plague server]# openssl ca -keyfile /root/CERTS/CA/private/ca_key.pem -out server_cert.pem -infiles server_req.pem
> Using configuration from /usr/share/ssl/openssl.cnf
> Error opening CA certificate ./demoCA/cacert.pem
> 18085:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('./demoCA/cacert.pem','r')
> 18085:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
> unable to load certificate
> 
> Now I'm missing the cert... one more step:
> 
> [root at plague server]# openssl ca -keyfile /root/CERTS/CA/private/ca_key.pem -cert /root/CERTS/CA/ca_cert.pem -out server_cert.pem -infiles server_req.pem
> Using configuration from /usr/share/ssl/openssl.cnf
> I am unable to access the ./demoCA/newcerts directory
> ./demoCA/newcerts: No such file or directory
> 
> Still no juice.  Not sure why it is trying to access the newcerts file.
> Can anybody help me with what I'm doing wrong here, or help me generate
> a patch to the documentation that will lead people in the right
> direction?
> 

I remember having the same problem.  I believe i just renamed my
ca_key.pem file to cakey.pem and the problem went away.  I should say
that I never really did get it all to work.  Probably because the keys
were screwed up.

In any case, the README seems a bit out of date.  At least on FC4 where
I was running the steps.  If anyone knows the correct steps, please post
them.

thx,
josh

More information about the Fedora-buildsys-list mailing list