I'm trying to set up an SSL certificate authority on a second installation of ISPConfig. I get this error when doing openssl ca

Code:
[root@servlet ~]# openssl ca
Using configuration from /etc/pki/tls/openssl.cnf
Error opening CA private key ../../CA/private/cakey.pem
30739:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('../../CA/private/cakey.pem','r')
30739:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
unable to load CA private key
[root@servlet ~]#

Is there a reason why this is? Does the perfect install for CentOS 5.1 cause this somehow?
I'm following instructions from http://mia.ece.uic.edu/~papers/volans/settingupCA.html

Step two quotes:

Openssl has a global configuration file that it uses. To find out the location of this file use

sshvpn@mia:~> openssl ca
Using configuration from /usr/share/ssl/openssl.cnf
---SNIP--

This file has some useful sections.. Take a look at it. Pretty much self explanatory. Let us now start making our own Certificate Authority

So I'm assuming "openssl ca" is supposed to show global configurations. I can't go to step 3 if step 2 doesn't have the global configuration files it needs :O I remember making symlinks in the Perfect setup guide for CentOS 5.1 as instructed. That's why I'm asking.
The global configuration file in your case is: /etc/pki/tls/openssl.cnf

But if you just want to use SSL certificates in ISPConfig websites, I recommend using the built-in functions of ISPConfig to create a CSR and certificate.
So this sets up a CA in ISPConfig? Here is my goal. I have ns1 and ns2 on different boxes. My ns1 hosts websites as well. They both have ISPConfig installed on them. Since my ns2 ISPConfig doesn't do anything but be a slave for ns1, I want it to handle Certification Authority. This is where I'm getting stuck on this step. The second server does not handle webhosting. It's just a nameserver, "ns2". So I'm trying to make it handle Certification Authority.

Resources I've read on this:
http://mia.ece.uic.edu/~papers/volans/settingupCA.html
http://www.devx.com/Java/Article/10185

Being your own CA helps to prevent expensive fees from Thawte or Verisign for what is otherwise a perfectly good certificate.
So do you think this is doable on my second nameserver box? And how will it collide with ISPConfig? I recall all the symlinks made, but I don't think ISPConfig is a CA itself. I'm trying to follow the instructions' 2nd step here on my second box: http://mia.ece.uic.edu/~papers/volans/settingupCA.html and it's giving that error.
Yes, but a different type of error: it will ask them if they want to trust the Certificate Authority. They will say yes and never get the error message again.
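
An added example, not posted by anyone in this thread: the ../../CA/private/cakey.pem path in the error above is a relative CA directory taken from the global openssl.cnf (the dir value under [ CA_default ] in stock configs), so "openssl ca" fails until that tree and the CA key exist. The sketch below builds the layout under an absolute path with its own config file; the function names, the policy_any section and the subject name are assumptions.

```shell
#!/bin/sh
# Added example: a private CA layout that `openssl ca` can work with.
# Function names, section names and subjects are illustrative assumptions.

# Create the files and directories the [ CA_default ] section points at,
# plus a dedicated config that uses an absolute dir instead of ../../CA.
ca_init() {
    ca_dir=$1
    mkdir -p "$ca_dir/private" "$ca_dir/newcerts" || return 1
    chmod 700 "$ca_dir/private"      # the CA key lives here
    : > "$ca_dir/index.txt"          # certificate database, starts empty
    echo 01 > "$ca_dir/serial"       # next serial number (hex)
    cat > "$ca_dir/openssl.cnf" <<EOF
[ ca ]
default_ca = CA_default

[ CA_default ]
dir           = $ca_dir
private_key   = \$dir/private/cakey.pem
certificate   = \$dir/cacert.pem
database      = \$dir/index.txt
serial        = \$dir/serial
new_certs_dir = \$dir/newcerts
default_md    = sha256
default_days  = 365
policy        = policy_any

[ policy_any ]
commonName = supplied
EOF
}

# Generate the CA private key (owner-readable only) and a self-signed CA cert.
ca_selfsign() {
    ca_dir=$1
    ( umask 077; openssl genrsa -out "$ca_dir/private/cakey.pem" 2048 ) &&
    openssl req -new -x509 -days 3650 -key "$ca_dir/private/cakey.pem" \
        -subj "/CN=Example Private CA" -out "$ca_dir/cacert.pem"
}

# Sign a CSR with the CA; this is the step that failed in the first post.
ca_sign() {
    ca_dir=$1 csr=$2 out=$3
    openssl ca -batch -config "$ca_dir/openssl.cnf" -in "$csr" -out "$out"
}
```

Run ca_init and ca_selfsign once on the CA host, then ca_sign for each CSR copied over from the web server; the CA private key never needs to leave that host.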