OpenSSL creates CA serial file

I encountered the error below when I followed the Sguil OPENSSL.README to generate a certificate with a local CA for my Sguil 0.7.0 installation on FreeBSD 7.0 Release.

[root@nsm]# openssl x509 -req -in sguild.req -CA CA.pem -CAkey privkey.pem -CAserial file.sr1 -out sguild.pem
Signature ok
subject=/C=MY/ST=PG/O=Sguil/OU=Security/CN=servername
Getting CA Private Key
Enter pass phrase for privkey.pem:
file.sr1: No such file or directory
82464:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:352:fopen('file.sr1','r')
82464:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:354:

From the error message, it is obvious that file.sr1 did not exist. Since this was the first time I had used the CA to sign a certificate, I needed to create a serial file containing a serial number. So I ran the command with -CAcreateserial instead, as below:

[root@nsm]# openssl x509 -req -in sguild.req -CA CA.pem -CAkey privkey.pem -CAcreateserial -out sguild.pem

This created a new file (CA.srl) containing a serial number. The next time I create a new certificate, I have to use the -CAserial option and specify the path to this file. The serial number is incremented each time a new certificate is created.
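
The whole sequence can be reproduced with a throwaway CA. The script below is an added example, not part of the original post or of the Sguil README: it reuses the post's file names in a temporary directory, while the subjects, the unencrypted demo keys and the second request (sensor.req) are constructed for the demonstration. It shows the missing-file failure, the first signature with -CAcreateserial, and a later signature with -CAserial.

```shell
#!/bin/sh
# Added example: throwaway CA in a temp dir; file names follow the post.
# Subjects, unencrypted keys and sensor.req are constructed for the demo.
serial_of() { openssl x509 -in "$1" -noout -serial | cut -d= -f2; }

demo_ca_serial() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # Self-signed demo CA plus two certificate requests, no pass phrases.
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
            -keyout privkey.pem -out CA.pem 2>/dev/null || exit 1
        for name in sguild sensor; do
            openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$name" \
                -keyout "$name.key" -out "$name.req" 2>/dev/null || exit 1
        done
        # 1. -CAserial pointing at a file that does not exist yet:
        #    the failure shown in the post.
        if openssl x509 -req -in sguild.req -CA CA.pem -CAkey privkey.pem \
               -CAserial file.sr1 -out sguild.pem 2>/dev/null; then
            echo "missing_serial_file=accepted"
        else
            echo "missing_serial_file=rejected"
        fi
        # 2. First signature: -CAcreateserial writes CA.srl next to CA.pem.
        openssl x509 -req -in sguild.req -CA CA.pem -CAkey privkey.pem \
            -CAcreateserial -out sguild.pem 2>/dev/null || exit 1
        [ -s CA.srl ] || exit 1
        echo "first=$(serial_of sguild.pem)"
        # 3. Later signatures: -CAserial reads CA.srl, advances the serial
        #    and writes the new value back to the file.
        openssl x509 -req -in sensor.req -CA CA.pem -CAkey privkey.pem \
            -CAserial CA.srl -out sensor.pem 2>/dev/null || exit 1
        echo "second=$(serial_of sensor.pem)"
        echo "file=$(cat CA.srl)"
    )
    status=$?
    rm -rf "$dir"
    return $status
}

demo_ca_serial
```

After step 3 the serial file holds the serial of the certificate that was just issued, so CA.srl has to stay with the CA for every later signing run.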


2 Responses to “OpenSSL creates CA serial file”

  1. mad Says:

    Would you share your Sguil 0.7.0 installation on FreeBSD 7.0 as a how to?

    Searched the web and could not find any article. Regards.

  2. GuTi Says:

    Hi mad, not at the moment, but you could refer to NSMwiki for the Sguil installation on RedHat.
    http://nsmwiki.org/Sguil_on_RedHat_HOWTO
