I am working with O'Reilly's book on SSL, which uses OpenSSL for its examples.
After creating a configuration file:
[ ca ]
default_ca = mobileCA
[ mobileCA ]
dir = /users/crodgers/src/sds2mobile/Server/CA
certificate = $dir/cacert.pem
database = $dir/index.txt
new_certs_dir = $dir/certs
private_key = $dir/private/key.pem
serial = $dir/serial
default_crl_days = 7
default_days = 365
default_md = md5
policy = mobile_CA_policy
x509_extensions = certificate_extensions
[ mobileCA_policy ]
commonName = SDS/2 Mobile Certificate
stateOrProvinceName = Nebraska
countryName = US
emailAddress = [email protected]
organizationName = Design Data
[ certificate_extensions ]
basicConstraints = CA:false
[ req ]
default_bits = 2048
default_keyfile = /users/crodgers/src/sds2mobile/Server/CA/private/key.pem
default_md = md5
prompt = no
distinguished_name = root_ca_distinguished_name
x509_extensions = root_ca_extensions
[ root_ca_distinguished_name ]
commonName = Root Certificate
stateOrProvinceName = Nebraska
countryName = US
emailAddress = [email protected]
organizationName = Design Data
[ root_ca_extensions ]
basicConstraints = CA:true
The user is instructed to enter the following command:
openssl req -x509 -newkey rsa -out cacert.pem -outform PEM
This is supposed to create a self-signed root certificate.
This command gives me the -help output. I'm assuming something in the command is incorrect, but have been unable to narrow down what.
Currently working in Ubuntu 10.04 and OpenSSL 0.9.8k.
You're missing the RSA key size, e.g. -newkey rsa:1024 for a 1024-bit key.
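A pre-flight check for a configuration and `-newkey` argument of this shape, as an added example that is not part of the original question or answer. It goes beyond the missing key size to flag weak digests and `policy` references that `openssl ca` would reject. The function names, the 2048-bit threshold, and the trimmed sample are assumptions of the example, and a bare `rsa` is treated as an error, as the answer states.

```python
import re

WEAK_DIGESTS = {"md2", "md4", "md5", "sha1"}
POLICY_VALUES = {"match", "supplied", "optional"}  # values `openssl ca` accepts

# Constructed sample: trimmed from the configuration in the question.
SAMPLE_CNF = """\
[ ca ]
default_ca = mobileCA
[ mobileCA ]
default_md = md5
policy = mobile_CA_policy
[ mobileCA_policy ]
commonName = SDS/2 Mobile Certificate
[ req ]
default_md = md5
"""

def parse_cnf(text):
    """Parse OpenSSL-style sections into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def lint(cnf_text, newkey_arg):
    """Return a list of findings for the config text and -newkey value."""
    findings = []
    algo, _, bits = newkey_arg.partition(":")
    if algo == "rsa" and not bits.isdigit():
        findings.append("newkey: no RSA key size given, write rsa:<bits>")
    elif algo == "rsa" and int(bits) < 2048:
        findings.append(f"newkey: {bits}-bit RSA is below 2048 bits")
    sections = parse_cnf(cnf_text)
    for name, body in sections.items():
        if body.get("default_md", "").lower() in WEAK_DIGESTS:
            findings.append(f"[{name}] default_md = {body['default_md']} is weak")
        policy = body.get("policy")
        if policy is not None and policy not in sections:
            findings.append(f"[{name}] policy = {policy} names no section")
        for field, value in sections.get(policy, {}).items():
            if value not in POLICY_VALUES:
                findings.append(f"[{policy}] {field} must be match/supplied/optional")
    return findings
```

Calling `lint(SAMPLE_CNF, "rsa")` reports the missing key size, both `md5` settings, and the `mobile_CA_policy` reference that does not match the `[ mobileCA_policy ]` section name.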