Women in Technology

Hear us Roar



Article:
  Deploying a VPN with PKI
Subject:   if anyone gets stuck in the same way...
Date:   2004-10-26 08:33:11
From:   myriapod
I'm testing the described setup on Mandrake 10.
First of all I had to download openssl-0.9.7d from the cooker cos the default was 0.9.7c.


Then using the openssl.cnf provided by this article I kept getting this ugly error on every certificate signing attempt:


variable lookup failed for CA_vpn::default_md
15411:error:02001002:system library:fopen:No such file or directory:bss_file.c:104:fopen('/home/vpn/ca/index.txt.attr','rb')
15411:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:107:
15411:error:0E064072:configuration file routines:CONF_load:no such file:conf_def.c:197:
15411:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_vpn name=default_md


Adding:
default_md = md5
to openssl.cnf fixes the problem.


Hope it helps.
Bye.

Full Threads Newest First

Showing messages 1 through 3 of 3.

  • if anyone gets stuck in the same way...
    2004-10-26 13:56:25  inyotech [View]

    I think you might have err'd on cut-n-paste as I can see this in the middle of the config file:


    # Issued certificates will be valid for 1 year
    default_days = 365
    default_crl_days= 30

    # Hashing function
    default_md = md5



    Although maybe it needs to be in a different section. Thanks for the note.
    • if anyone gets stuck in the same way...
      2004-10-26 15:28:10  myriapod [View]

      It was right under my eyes, I'm sorry! I don't really know how did I miss that! I should definitely get some sleep. :)
    • if anyone gets stuck in the same way...
      2006-03-27 11:24:13  amjice [View]

      Can this MD be changed to something like "SHA1"? Sorry if this is a basic questions. I'm a bit of a newbie.

      I've already created the keys and certs after changing it to SHA1 but couldn't really make heads or tails about whether it took or not.

      Thanks.