https://bugzilla.novell.com/show_bug.cgi?id=398451 Summary: openssl: CA.sh -sign fails on loading certificate Product: openSUSE 11.0 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: zajec5@gmail.com QAContact: qa@suse.de Found By: Beta-Customer I find a few easy step-by-step howtos on generating signed certificate. You can find two examples here: http://sandbox.rulemaker.net/ngps/m2/howto.ca.html http://www.octaldream.com/~scottm/talks/ssl/opensslca.html The problem is in last step, when signing generated cert: CA.sh -sign Using configuration from /etc/ssl/openssl.cnf Enter pass phrase for ./demoCA/private/cakey.pem: unable to load certificate 15631:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE cat: newcert.pem: Nie ma takiego pliku ani katalogu Signed certificate is in newcert.pem and the same for .pl version: # CA.pl -sign Using configuration from /etc/ssl/openssl.cnf Enter pass phrase for ./demoCA/private/cakey.pem: unable to load certificate 15681:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE Signed certificate is in newcert.pem Of course I have cakey.pem: # ls ./demoCA/private/ cakey.pem # head -n 2 ./demoCA/private/cakey.pem && echo "..." && tail -n 1 /demoCA/private/cakey.pem -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED .. -----END RSA PRIVATE KEY----- -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.