Issue on Windows Server 2003 Resigning Expired CA certificate

Brandon Shiers
I have a client that has a CA certificate that has expired.  

They are running Windows Server 2003 and OpenSSL 0.9.8d and FreeRadius for authentication.  Their certificate expired yesterday afternoon and I've been trying to get it resigned but I'm getting the following errors:

E:\OpenSSL\bin\PEM\demoCA\private>e:\openssl\bin\openssl verify e:\openssl\bin\c
acert.pem
Error opening certificate file e:\openssl\bin\cacert.pem
3964:error:02001002:system library:fopen:No such file or directory:.\crypto\bio\
bss_file.c:352:fopen('e:\openssl\bin\cacert.pem','rb')
3964:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:35
4:
unable to load certificate


E:\OpenSSL\bin>openssl ca -revoke "E:\openssl\bin\PEM\cacert.pem"
Using configuration from E:\OpenSSL\bin\openssl.cnf
Loading 'screen' into random state - done
Error opening CA private key ./demoCA/private/cakey.pem
352:error:02001003:system library:fopen:No such process:.\crypto\bio\bss_file.c:
352:fopen('./demoCA/private/cakey.pem','rb')
352:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:354
:
unable to load CA private key

E:\OpenSSL\bin>openssl req -new -x509 -key "E:\OpenSSL\bin\PEM\demoCA\private\ca
key.pem" -set_serial 0000 -out "E:\OpenSSL\bin\PEM\demoCA\private\cakey.cer"
Enter pass phrase for E:\OpenSSL\bin\PEM\demoCA\private\cakey.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.


E:\OpenSSL\bin>openssl x509 -req -days 3650 -in "E:\OpenSSL\bin\PEM\demoCA\priva
te\cakey.cer" -signkey "E:\OpenSSL\bin\PEM\demoCA\private\cakey.pem" -out "e:\Op
enSSL\bin\PEM\democa\private\cakey.pem"
Loading 'screen' into random state - done
2824:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib
.c:644:Expecting: CERTIFICATE REQUEST

I also tried this command and it failed as well: 

openssl req -new -x509 -key previousprivatekey.pem -set_serial 0000 -out newroot.cer

Any suggestions?  Help would be appreciated.  

Thanks,
Brandon Shiers



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: Issue on Windows Server 2003 Resigning Expired CA certificate

Jeffrey Walton-3
On Fri, Feb 3, 2017 at 12:37 PM, Brandon Shiers
<[hidden email]> wrote:

> I have a client that has a CA certificate that has expired.
>
> They are running Windows Server 2003 and OpenSSL 0.9.8d and FreeRadius for
> authentication.  Their certificate expired yesterday afternoon and I've been
> trying to get it resigned but I'm getting the following errors:
>
> E:\OpenSSL\bin\PEM\demoCA\private>e:\openssl\bin\openssl verify
> e:\openssl\bin\c
> acert.pem
> Error opening certificate file e:\openssl\bin\cacert.pem
> 3964:error:02001002:system library:fopen:No such file or
> directory:.\crypto\bio\
> bss_file.c:352:fopen('e:\openssl\bin\cacert.pem','rb')
> 3964:error:20074002:BIO routines:FILE_CTRL:system
> lib:.\crypto\bio\bss_file.c:35
> 4:
> unable to load certificate

Check the OpenSSL conf file first:
http://stackoverflow.com/q/16658038. You might find the error is
due to the openssl.cfg file, and not the cacert.pem file.

Jeff
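
Added example, not part of either poster's message: the last command in the question fails because `x509 -req` expects a certificate request, while the file it was given came from `req -new -x509`, which writes a certificate. The sketch below renews a self-signed CA certificate from the existing certificate and key and checks that a certificate issued earlier still verifies. It assumes a POSIX shell with the `openssl` CLI on PATH rather than the Windows prompt used in the thread; every file name and subject is constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread). All names below are constructed.
renew_ca_demo() (
    set -e
    work=$(mktemp -d)
    trap 'rm -rf "$work"' EXIT
    cd "$work"

    # Constructed stand-in for the old CA: key plus self-signed certificate.
    # Its validity period does not matter for the renewal step shown below.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout cakey.pem \
        -subj "/CN=Demo Root CA" -days 1 -out cacert-old.pem 2>/dev/null

    # A certificate issued by the old CA (stands in for the RADIUS server cert).
    openssl req -newkey rsa:2048 -nodes -keyout server.key \
        -subj "/CN=radius.example.test" -out server.csr 2>/dev/null
    openssl x509 -req -in server.csr -CA cacert-old.pem -CAkey cakey.pem \
        -CAcreateserial -days 1 -out server.pem 2>/dev/null

    # Renewal: the input is the OLD CERTIFICATE, so -req is not used.
    # It is re-self-signed with the same key and a new validity period.
    # -out names a NEW file; pointing it at cakey.pem would destroy the key.
    openssl x509 -in cacert-old.pem -signkey cakey.pem -days 3650 \
        -out cacert-new.pem 2>/dev/null

    # Same subject and same public key are what keep old certificates valid.
    old_subj=$(openssl x509 -in cacert-old.pem -noout -subject)
    new_subj=$(openssl x509 -in cacert-new.pem -noout -subject)
    old_pub=$(openssl x509 -in cacert-old.pem -noout -pubkey)
    new_pub=$(openssl x509 -in cacert-new.pem -noout -pubkey)
    [ "$old_subj" = "$new_subj" ] || exit 1
    [ "$old_pub" = "$new_pub" ] || exit 1

    # The previously issued certificate must chain to the renewed root.
    openssl verify -CAfile cacert-new.pem server.pem >/dev/null
    echo renewed-ok
)
```

Clients that pin or import the CA certificate itself still need the renewed file distributed to them; only the key and subject carry over.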