Openssl生成證書unable to access demoCA問題解決
----------------------------------分割分割分割-------------------------------------------------
關於windows下面利用openssl生成證書的問題:
在用生成的CA的證書為剛才生成的server.csr,client.csr文件簽名的時候,
Openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cnf
error:
I am unable to access the ./demoCA/newcerts directory
搜了google很多天,網上廣為流傳的一種方法是:
for linux:
mkdir demoCA
mkdir demoCA/newcerts
mkdir demoCA/private
touch demoCA/index.txt
echo "01" >> demoCA/serial
for windows:照著上面那個命令自己手動建嘛•••
仍然unable to access the ./demoCA/newcerts directory
解決辦法:
修改openssl的配置文件openssl.cnf:
首先程序-附件-打開notepad,把openssl.cnf拖進去,
就可以查看這個文件了。
修改這個地方:
[ CA_default ]
dir =\\demoCA # Where everything is kept——————>這個地方修改目錄為你的demoCA文件夾所在的地方,填入路徑。比如我的就是:F:\\Documents and Settings\\PG33817268\\Desktop\\openssl-0.9.8e\\openssl-0.9.8e\\out32dll\\demoCA(注意路徑要用雙斜槓\\或者單反斜槓/)
certs = $dir\\certs # Where the issued certs are kept
crl_dir = $dir\\crl # Where the issued crl are kept
database = $dir\\index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several ctificates with same subject.
new_certs_dir = $dir\\newcerts # default place for new certs.
certificate = $dir\\cacert.pem # The CA certificate
serial = $dir\\serial # The current serial number
crlnumber = $dir\\crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir\\crl.pem # The current CRL
private_key = $dir\\private\\cakey.pem# The private key
RANDFILE = $dir\\private\\.rand #
請先 登入 以發表留言。