ssl openssl domino-appdev-pack

Domino AppDev Pack 1.0.13, IAM Server setup failed, failed to sign the certificate by self-signed CA


I don't have a CA-signed certificate for the local server, serv.org.com. Therefore, I followed the steps to create a self-signed certificate for the IAM server.

openssl genrsa -des3 -out iamserver.key 4096

openssl req -new -key iamserver.key -out iamserver.csr -subj "/O=Org/CN=IAMAccessor" -sha256

openssl x509 -req -days 365 -in iamserver.csr -CA ca.crt -CAkey ca.key -out iamserver.crt -CAserial ca.seq

The steps above were successful.

However, when I try to run the following step, I get an error.

"If you are using your self-created CA to sign your certificate, the following sample script demonstrates how to sign a server certificate with it."

openssl x509 -passin pass:passw0rd -req -days 365 -in iamserver.csr -CA ca.crt -CAkey ca.key -out iamserver.crt -CAcreateserial -CAserial ca.seq -sha256 -extfile <(printf "[SAN]\nsubjectAltName=DNS:iamserver.com") -extensions SAN


I got an error message: System failed to find the specified files.


Solution

  • Thanks for your reply. I have checked many times; it is not a file name error.

    I have the directory with all the required files, such as ca.key, ca.crt, iamserver.csr and iamserver.crt.

    It is a Windows problem: it is required to create a .cnf file, e.g. ssl-extensions-509.cnf, to pass as -extfile, according to the attached tutorial page: https://www.sit.de/SIT/hvblog.nsf/dx/26.05.2020165717HVOKJX.htm

    After modifying the script to the following, it is working now.

    openssl x509 -passin pass:Ectestjn1234 -req -days 3650 -in iamserver.csr -CA ca.crt -CAkey ca.key -out iamserver.crt -CAcreateserial -CAserial ca.seq -sha256 -extfile ssl-extensions-509.cnf
    
    C:\Certs\iam\iamserver>openssl x509 -passin pass:password -req -days 3650 -in iamserver.csr -CA ca.crt -CAkey ca.key -out iamserver.crt -CAcreateserial -CAserial ca.seq -sha256 -extfile ssl-extensions-509.cnf
    Certificate request self-signature ok
    subject=C = TW, ST = Taiwan, L = New Taipei City, O = XXX, CN = XXX
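
The fix described in the answer above, as an added example that is not part of the original post or the AppDev Pack documentation: the SAN section is written to a file on disk and passed with -extfile, so no process substitution is needed, and the issued certificate is then checked for the name. The function names, the file contents, and the throwaway CA with 2048-bit unencrypted keys are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): file-based -extfile signing
# plus a check that the SAN actually landed in the issued certificate.

# sign_with_san CSR CA_CRT CA_KEY OUT_CRT DNS_NAME
sign_with_san() {
    ext="$(dirname "$4")/ssl-extensions-509.cnf"
    # Same content the <(printf ...) form produced on the fly, but as a
    # regular file that any shell, including cmd.exe, can hand to openssl.
    printf '[SAN]\nsubjectAltName=DNS:%s\n' "$5" > "$ext" || return 1
    openssl x509 -req -days 365 -sha256 -in "$1" -CA "$2" -CAkey "$3" \
        -CAcreateserial -CAserial "$(dirname "$2")/ca.seq" \
        -out "$4" -extfile "$ext" -extensions SAN
}

# cert_has_san CERT DNS_NAME
# Succeeds only if the certificate text lists the DNS name. Worth running
# after every signing: if the extension file or section is not picked up,
# the certificate is still issued, just without the SAN.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -qF "DNS:$2"
}

# demo: constructed throwaway CA and CSR in a temp dir. Keys are 2048-bit
# and unencrypted so the run is short and non-interactive (assumption;
# the page uses a 4096-bit, passphrase-protected key).
demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Org/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=Org/CN=IAMAccessor" \
        -keyout "$d/iamserver.key" -out "$d/iamserver.csr" 2>/dev/null &&
    sign_with_san "$d/iamserver.csr" "$d/ca.crt" "$d/ca.key" \
        "$d/iamserver.crt" iamserver.com &&
    cert_has_san "$d/iamserver.crt" iamserver.com
    rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "SAN present in issued certificate"
```
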