Openssl生成證書 unable to access demoCA 問題解決
---------------------------------------------------------------------------------
關於windows下面利用openssl生成證書的問題:
在用生成的CA的證書為剛才生成的server.csr,client.csr文件簽名的時候,
Openssl ca -in
server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cnf
error:
I am unable to
access the ./demoCA/newcerts directory
搜了google很多天,網上廣為流傳的一種方法是:
for linux:
mkdir demoCA
mkdir
demoCA/newcerts
mkdir
demoCA/private
touch
demoCA/index.txt
echo
"01" >> demoCA/serial
for windows:照著上面那個命令自己手動建嘛•••
仍然unable to access the ./demoCA/newcerts
directory
解決辦法:
修改openssl的配置文件openssl.cnf:
首先程序-附件-打開notepad,把openssl.cnf拖進去,
就可以查看這個文件了。
修改這個地方:
[ CA_default ]
dir =\\demoCA # Where everything is kept——————>這個地方修改目錄為你的demoCA文件夾所在的地方,填入路徑。比如我的就是:F:\\Documents and
Settings\\PG33817268\\Desktop\\openssl-0.9.8e\\openssl-0.9.8e\\out32dll\\demoCA(注意路徑要用雙斜槓\\或者單反斜槓/)
certs = $dir\\certs # Where the issued certs are kept
crl_dir = $dir\\crl # Where the issued crl are kept
database = $dir\\index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several
ctificates with same subject.
new_certs_dir = $dir\\newcerts # default place for new certs.
certificate = $dir\\cacert.pem # The CA certificate
serial = $dir\\serial # The current serial number
crlnumber = $dir\\crlnumber # the current crl number
# must be
commented out to leave a V1 CRL
crl = $dir\\crl.pem # The current CRL
private_key = $dir\\private\\cakey.pem# The private key
RANDFILE = $dir\\private\\.rand #
沒有留言:
張貼留言