Setting up plague server - Difficulty w/ SSL setup

Jesse Keating jkeating at j2solutions.net
Thu Aug 4 20:43:12 UTC 2005 

I'm following the README in the plague package, and I'm having trouble
w/ step 6 of Configuring SSL for your Build System.

<quote>
6. Sign the build server certificate request with the BSCA certificate

openssl ca -out server_cert.pem -infiles server_req.pem
<endquote>

If I run this, I get:

[root at plague server]# openssl ca -out server_cert.pem -infiles server_req.pem
Using configuration from /usr/share/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
18008:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('./demoCA/private/cakey.pem','r')
18008:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load CA private key


So it would seem I need to specify the CA private key so I try:

[root at plague server]# openssl ca -keyfile /root/CERTS/CA/private/ca_key.pem -out server_cert.pem -infiles server_req.pem
Using configuration from /usr/share/ssl/openssl.cnf
Error opening CA certificate ./demoCA/cacert.pem
18085:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('./demoCA/cacert.pem','r')
18085:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load certificate

Now I'm missing the cert... one more step:

[root at plague server]# openssl ca -keyfile /root/CERTS/CA/private/ca_key.pem -cert /root/CERTS/CA/ca_cert.pem -out server_cert.pem -infiles server_req.pem
Using configuration from /usr/share/ssl/openssl.cnf
I am unable to access the ./demoCA/newcerts directory
./demoCA/newcerts: No such file or directory

Still no juice.  Not sure why it is trying to access the newcerts file.
Can anybody help me with what I'm doing wrong here, or help me generate
a patch to the documentation that will lead people in the right
direction?

-- 
Jesse Keating RHCE      (http://geek.j2solutions.net)
Fedora Legacy Team      (http://www.fedoralegacy.org)
GPG Public Key
(http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating

More information about the buildsys mailing list