[Eisfair] Enabling SSL mail internally

Jens Kluge jk2020 at web.de
Tue Jan 28 18:50:23 CET 2014


Running menu item 12 already results in an error message (see below).

It seems the CA key is already missing.

eis # ls /usr/local/ssl/private/ca.key
ls: cannot access /usr/local/ssl/private/ca.key: No such file or directory
eis #

I think I tripped over this point: create a CA first

???
I'm drawing a blank right now...


On 28.01.2014 18:18, Juergen Edner wrote:
>   12 - sign certificate request with CA key


Server/service/client certificate
  10 - create a new key or select an existing one [imapd] - NEW - done.
  11 - create certificate request - done.
  12 - sign certificate request with CA key
  13 - create Diffie-Hellman parameters (takes up to 20min)
  14 - create .pem certificate and copy it to /usr/local/ssl/certs
  == - create PKCS#12 document
  16 - show key and certificate location

  == - send certificates by e-mail

Please select (1-2,6,10-14,16), (q)uit: 12

The certificate database hasn't been updated since 22.07.2009, update it now (y/N): y

0. Passphrase for your CA key.

running command: openssl ca -updatedb
Using configuration from /usr/local/ssl/openssl.cnf
Error opening CA private key /usr/local/ssl/private/ca.key
3082528392:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/usr/local/ssl/private/ca.key','r')
3082528392:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load CA private key

You will be asked to enter the following data, after pressing ENTER:

1. Select key usage.
2. Select start date/validity.
3. Passphrase of your CA key.

running command: openssl ca -name Server_CA -in /usr/local/ssl/csr/imapd.csr -out /usr/local/ssl/newcerts/imapd.crt
Press ENTER to continue

  1 - Server usage (server)
  2 - Client usage (e-mail)

Please choose usage type (1-2) [1]: 1

  1 - use default start date/validity: 2014-01-28 18:44:58 / 365 days
  2 - set individual start date/validity

Please choose desired option (1-2) [1]: 1
Using configuration from /usr/local/ssl/openssl.cnf
Error opening CA private key /usr/local/ssl/private/ca.key
3082569352:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/usr/local/ssl/private/ca.key','r')
3082569352:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load CA private key
Error loading file /usr/local/ssl/newcerts/ca.crt
3082208904:error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen('/usr/local/ssl/newcerts/ca.crt','r')
3082208904:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:172:
3082208904:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:274:
usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-attime timestamp] [-engine e] cert1 cert2 ...
recognized usages:
         sslclient       SSL client
         sslserver       SSL server
         nssslserver     Netscape SSL server
         smimesign       S/MIME signing
         smimeencrypt    S/MIME encryption
         crlsign         CRL signing
         any             Any Purpose
         ocsphelper      OCSP helper
         timestampsign   Time Stamp signing

If you've generated a new certificate with a start-date in the future
then remember to copy the new certificate to the certificate store
(menu point 14) not before the old certificate has become invalid!

Press ENTER to continue


