I’m trying to implement mutual certificate authentication. I have to be the CA and server at the same time, generate certificates and sign them for users. I’m following this tutorial, which is a very simple one compared to the complicated articles on the web. The steps are:
The process for creating your own certificate authority is pretty straightforward:
- Create a private key
- Self-sign
- Install root CA on your various workstations // ????
Once you do that, every device that you manage via HTTPS just needs to have its own certificate created with the following steps:
- Create CSR for device
- Sign CSR with root CA key /// THIS STEP
Create the root key:
openssl genrsa -out rootCA.key 2048
Self-sign this certificate:
openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem
Create a certificate (done once per device):
openssl genrsa -out device.key 2048
openssl req -new -key device.key -out device.csr
openssl x509 -req -in device.csr -CA root.pem -CAkey root.key -CAcreateserial -out device.crt -days 500
The last command is giving me this error :
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd/CN=192.168.1.108
Error opening CA Certificate root.pem
3078969068:error:02001002:system library:fopen:No such file or directory:bss_file.c:355:fopen('root.pem','r')
3078969068:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:357:
unable to load certificate
The root.pem exists in the same folder; why is it not being seen?
Also, the first two commands gave me two files, root.key and root.pem;
there’s no crt file to give to the browser.
What’s wrong?
Answers:
Method 1
Verify the name of your certificate. It’s inconsistent (root.pem in a command, rootCA.pem in another).
You can install the root.pem file on your client hosts as indicated in the article; it’s your CA certificate. PEM is a format for certificates; others exist. .crt is a generic extension. You can rename your certificate from root.pem to root.crt if you want to.
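The tutorial's sequence with one consistent set of file names, as an added example that is not part of the original question or answer. The function names, the `demo` argument and the root CA `-subj` value are constructed for illustration; the pre-flight check names a missing CA file before openssl reaches the fopen error shown in the question.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, the "demo"
# argument and the root CA subject are constructed for illustration.

# Root CA, done once: private key plus self-signed certificate.
make_root_ca() {
    openssl genrsa -out rootCA.key 2048 &&
    openssl req -x509 -new -nodes -key rootCA.key -days 1024 \
        -subj "/O=Constructed Test Org/CN=Constructed Root CA" \
        -out rootCA.pem
}

# Per device: key, CSR, then a certificate signed with the root CA key.
# $1 = base name for the output files, $2 = CN (host name or IP address)
issue_device_cert() {
    name=$1
    cn=$2
    # Check the exact file names passed to -CA/-CAkey below, so a
    # root.pem / rootCA.pem mix-up is reported by name.
    for f in rootCA.pem rootCA.key; do
        if [ ! -r "$f" ]; then
            echo "CA file not found: $f (looked in $PWD)" >&2
            return 1
        fi
    done
    openssl genrsa -out "$name.key" 2048 &&
    openssl req -new -key "$name.key" -subj "/CN=$cn" -out "$name.csr" &&
    openssl x509 -req -in "$name.csr" -CA rootCA.pem -CAkey rootCA.key \
        -CAcreateserial -out "$name.crt" -days 500
}

# Confirm that the device certificate chains to the root CA certificate.
verify_device_cert() {
    openssl verify -CAfile rootCA.pem "$1.crt" >/dev/null 2>&1
}

# The CA certificate is already PEM; .crt is only a different file name.
export_ca_crt() {
    cp rootCA.pem rootCA.crt
}

# Run the whole procedure in the current directory: sh thisfile.sh demo
if [ "${1:-}" = "demo" ]; then
    make_root_ca && issue_device_cert device 192.168.1.108 &&
    verify_device_cert device && export_ca_crt &&
    echo "device.crt chains to rootCA.pem; give rootCA.crt to clients"
fi
```

Only rootCA.pem (or its rootCA.crt copy) goes to the workstations; rootCA.key stays on the CA host.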
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.