[Eisfair] SSL Mail intern einschalten

Jens Kluge jk2020 at web.de
Di Jan 28 18:50:23 CET 2014 

Beim Ausführen von Menüpunkt 12 kommt es bereits zu einer Fehlermeldung 
(siehe unten)

Es fehlt wohl schon der ca-key

eis # ls /usr/local/ssl/private/ca.key
ls: cannot access /usr/local/ssl/private/ca.key: No such file or directory
eis #

Ich denke ich bin über den Punkt gestolpert: Erstmal CA erzeugen

???
Steh da jetz grad auf dem Schlauch...


Am 28.01.2014 18:18, schrieb Juergen Edner:
>   12 - sign certificate request with CA key


Server/service/client certificate
  10 - create a new key or select an existing one [imapd] - NEW - done.
  11 - create certificate request - done.
  12 - sign certificate request with CA key
  13 - create Diffie-Hellman parameters (takes up to 20min)
  14 - create .pem certificate and copy it to /usr/local/ssl/certs
  == - create PKCS#12 document
  16 - show key and certificate location

  == - send certificates by e-mail

Please select (1-2,6,10-14,16), (q)uit: 12

The certificate database hasn't been updated since 22.07.2009, update it 
now (y/N): y

0. Passphrase for your CA key.

running command: openssl ca -updatedb
Using configuration from /usr/local/ssl/openssl.cnf
Error opening CA private key /usr/local/ssl/private/ca.key
3082528392:error:02001002:system library:fopen:No such file or 
directory:bss_file.c:398:fopen('/usr/local/ssl/p 
         rivate/ca.key','r')
3082528392:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load CA private key

You will be asked to enter the following data, after pressing ENTER:

1. Select key usage.
2. Select start date/validity.
3. Passphrase of your CA key.

running command: openssl ca -name Server_CA -in 
/usr/local/ssl/csr/imapd.csr -out /usr/local/ssl/newcerts/imapd 
                        .crt
Press ENTER to continue

  1 - Server usage (server)
  2 - Client usage (e-mail)

Please choose usage type (1-2) [1]: 1

  1 - use default start date/validity: 2014-01-28 18:44:58 / 365 days
  2 - set individual start date/validity

Please choose desired option (1-2) [1]: 1
Using configuration from /usr/local/ssl/openssl.cnf
Error opening CA private key /usr/local/ssl/private/ca.key
3082569352:error:02001002:system library:fopen:No such file or 
directory:bss_file.c:398:fopen('/usr/local/ssl/p 
         rivate/ca.key','r')
3082569352:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load CA private key
Error loading file /usr/local/ssl/newcerts/ca.crt
3082208904:error:02001002:system library:fopen:No such file or 
directory:bss_file.c:169:fopen('/usr/local/ssl/n 
         ewcerts/ca.crt','r')
3082208904:error:2006D080:BIO routines:BIO_new_file:no such 
file:bss_file.c:172:
3082208904:error:0B084002:x509 certificate 
routines:X509_load_cert_crl_file:system lib:by_file.c:274:
usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose 
purpose] [-crl_check] [-attime timestamp] [-en 
       gine e] cert1 cert2 ...
recognized usages:
         sslclient       SSL client
         sslserver       SSL server
         nssslserver     Netscape SSL server
         smimesign       S/MIME signing
         smimeencrypt    S/MIME encryption
         crlsign         CRL signing
         any             Any Purpose
         ocsphelper      OCSP helper
         timestampsign   Time Stamp signing

If you've generated a new certificate with a start-date in the future
then remember to copy the new certificate to the certificate store
(menu point 14) not before the old certificate has become invalid!

Press ENTER to continue

Mehr Informationen über die Mailingliste Eisfair