
Creating self-signed certificates using OpenSSL issue

Hi All,

I was just trying to generate a self-signed certificate for my VCS-E and VCS-C for running the MRA feature. I have followed the "Cisco VCS Certificate Creation and Deployment Guide X8.1" for that. I am facing an issue generating server.pem. Please see the error below.


OpenSSL> ca -config openssl_local.cfg -cert cacert.pem -keyfile private/cakey.pem -in certcsr.pem -out certs/server.pem -md sha1
Using configuration from openssl_local.cfg
Loading 'screen' into random state - done
Enter pass phrase for private/cakey.pem:
I am unable to access the ./demoCA/newcerts directory
./demoCA/newcerts: No such file or directory

error in ca
OpenSSL>

I have the newcerts directory created under the demoCA folder with full access permission. Please help me to fix this.

Thanks & Regards,

Nikhil Jayan


jonaranj
Level 1

Hello,

Try demoCA in lower case, that could help.

Josue NM

Hi jonaranj,

Thanks for your reply.

I tried making demoCA lower case, but it didn't work. It ended up with the same error. See below.

C:\>
C:\>
C:\>cd OpenSSL-Win32\bin\PEM\democa

C:\OpenSSL-Win32\bin\PEM\democa>
C:\OpenSSL-Win32\bin\PEM\democa>
C:\OpenSSL-Win32\bin\PEM\democa>openssl ca -config openssl_local.cfg -cert cacert.pem -keyfile private/cakey.pem -in certcsr.pem -out certs/server.pem -md sha1
Using configuration from openssl_local.cfg
Loading 'screen' into random state - done
Enter pass phrase for private/cakey.pem:
I am unable to access the ./democa/newcerts directory
./democa/newcerts: No such file or directory

C:\OpenSSL-Win32\bin\PEM\democa>
C:\OpenSSL-Win32\bin\PEM\democa>

I guess demoCA is a default folder which comes when we install OpenSSL, and I haven't seen anywhere that the Cisco documents talk about demoCA in lower case.

Thanks & Regards,

Nikhil Jayan

It looks like you may be running the commands from one level too far down the tree - try running from the C:\OpenSSL-Win32\bin\PEM> level rather than C:\OpenSSL-Win32\bin\PEM\democa>.

Wayne

Please remember to mark helpful responses and to set your question as answered if appropriate.

Hi Wayne,

Thanks for your reply.

The openssl program is inside the demoCA folder, so if I run this command from C:\OpenSSL-Win32\bin\PEM>, I will get a command error.

Thanks & Regards,

Nikhil Jayan

The reason I suggested that is because the error message is looking for ./democa/newcerts - so unless there's another democa folder within the democa folder you're running it from, it isn't going to find it.

Wayne

Please remember to mark helpful responses and to set your question as answered if appropriate.
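
Wayne's point about the working directory, as an added example (not code from the thread or from Cisco): a shell preflight that resolves the CA paths in the config against the current directory and reports which ones are missing. The page does not show openssl_local.cfg, so the config contents, the "dir = ./demoCA" setting (taken from the error message and the stock OpenSSL config) and the directory layout are constructed assumptions.

```sh
#!/bin/sh
# Preflight for `openssl ca`: resolve the CA paths from a config file relative
# to the current directory (as openssl does) and report what is missing.

# cfg_value FILE KEY -> print the raw value of KEY (first match, comments cut).
cfg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# ca_preflight FILE -> 0 if every CA path exists from the current directory.
ca_preflight() {
    dir=$(cfg_value "$1" dir)
    missing=0
    for key in new_certs_dir database serial; do
        # Expand the $dir reference used by the stock CA_default section.
        resolved=$(cfg_value "$1" "$key" | sed 's|[$]dir|'"$dir"'|')
        if [ -e "$resolved" ]; then
            echo "ok       $key = $resolved"
        else
            echo "MISSING  $key = $resolved (looked in $(pwd))"
            missing=1
        fi
    done
    return "$missing"
}

# make_sample_ca ROOT -> constructed layout modelled on the thread: the config
# sits inside ROOT/demoCA next to newcerts/, index.txt and serial.
make_sample_ca() {
    mkdir -p "$1/demoCA/newcerts"
    : > "$1/demoCA/index.txt"
    echo 01 > "$1/demoCA/serial"
    cat > "$1/demoCA/openssl_local.cfg" <<'EOF'
[ CA_default ]
dir           = ./demoCA          # resolved against the current directory
new_certs_dir = $dir/newcerts
database      = $dir/index.txt
serial        = $dir/serial
EOF
}

root=$(mktemp -d)
make_sample_ca "$root"
echo "== run from inside demoCA, as in the failing session =="
(cd "$root/demoCA" && ca_preflight openssl_local.cfg) || echo "-> openssl ca would stop here"
echo "== run from the parent directory =="
(cd "$root" && ca_preflight demoCA/openssl_local.cfg)
rm -rf "$root"
```

Run against a real config, ca_preflight needs only the path to that file and should be called from the same directory the openssl ca command will be run from.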

luke.wallace
Level 1

I have found it easier to use the OpenSSL running on the VCS to run the commands, especially for running a self-signed cert for single-peer VCSs, and to use the private key generated for the server, not the CA key.

Syntax can be a real pain for other deployments.

Jonathan Robb
Cisco Employee

Hi,

The following method is how I generate self-signed certificates in the lab, right on the VCS.

1. Generate CSR on VCS web GUI

2. From root login:

openssl x509 -req -days 900 -in /tandberg/persistent/certs/generated_csr/csr.pem -signkey /tandberg/persistent/certs/generated_csr/privkey.pem -out /tandberg/persistent/certs/server.pem

From root, run the following to copy the CSR private key generated during the CSR request over the old private key.

cp /tandberg/persistent/certs/generated_csr/privkey.pem /tandberg/persistent/certs/privkey.pem

3. Cancel the CSR certificate request on the VCS web GUI.

This works on X8; X7 has a slightly different directory structure but otherwise is the same.

- Jonathan