05-27-2014 01:48 AM - edited 03-18-2019 03:02 AM
Hi All,
I was just trying to generate self signed certificate for my VCS-E and VCS-C for running the MRA feature. i have followed the " Cisco VCS Certificate Creation and Deployment Guide X8.1 for that. i am facing some issue to generate server.pem. please see the below mentioned error for the same.
OpenSSL> ca -config openssl_local.cfg -cert cacert.pem -keyfile private/cakey.pe
m -in certcsr.pem -out certs/server.pem -md sha1
Using configuration from openssl_local.cfg
Loading 'screen' into random state - done
Enter pass phrase for private/cakey.pem:
I am unable to access the ./demoCA/newcerts directory
./demoCA/newcerts: No such file or directory
error in ca
OpenSSL>
i have the newcerts directory created under demoCA folder with full access permission. please help me to fix this..
Thanks & Regards,
Nikhil Jayan
05-28-2014 07:01 AM
Hello,
Try demoCA in lower case, that could help.
Josue NM
05-28-2014 08:32 AM
Hi jonaranj,
Thanks for your reply..
i tried by making demoCA in lower case, but it didn't work. it end upon the same error. see below.
C:\>
C:\>
C:\>cd OpenSSL-Win32\bin\PEM\democa
C:\OpenSSL-Win32\bin\PEM\democa>
C:\OpenSSL-Win32\bin\PEM\democa>
C:\OpenSSL-Win32\bin\PEM\democa>openssl ca -config openssl_local.cfg -cert cacer
t.pem -keyfile private/cakey.pem -in certcsr.pem -out certs/server.pem -md sha1
Using configuration from openssl_local.cfg
Loading 'screen' into random state - done
Enter pass phrase for private/cakey.pem:
I am unable to access the ./democa/newcerts directory
./democa/newcerts: No such file or directory
C:\OpenSSL-Win32\bin\PEM\democa>
C:\OpenSSL-Win32\bin\PEM\democa>
i guess demoCA is a default folder which comes while we install the openssl and i haven't seen anywhere in Cisco documents talks about demoCA in lower case.
Thanks & Regards,
Nikhil Jayan
05-28-2014 08:21 PM
It looks like you may be running the commands from one level too far down the tree - try running from the C:\OpenSSL-Win32\bin\PEM> level rather than C:\OpenSSL-Win32\bin\PEM\democa>.
Please remember to mark helpful responses and to set your question as answered if appropriate.
05-29-2014 01:55 AM
Hi Wayne,
Thanks for your reply..
openssl program is there inside the demoCA folder, so if i run this command from C:\OpenSSL-Win32\bin\PEM>, i will get a command error.
Thanks & Regards,
Nikhil Jayan
05-29-2014 06:24 PM
The reason I suggested that is because the error message is looking for ./democa/newcerts - so unless there's another democa folder within the democa folder you're running it from, it isn't going to find it.
Please remember to mark helpful responses and to set your question as answered if appropriate.
06-06-2014 08:14 AM
i have found it easier to use the Openssl running on VCS to run the commands especially for running self signed cert for single peer VCS's and use the private key generated for the server not the CA key.
Syntax can be a real pain for other deployment.
06-06-2014 10:16 AM
Hi,
The following method is how I generate self signed in the lab right on the VCS.
1. Generate CSR on VCS web GUI
2. From root login:
openssl x509 -req -days 900 -in /tandberg/persistent/certs/generated_csr/csr.pem -signkey /tandberg/persistent/certs/generated_csr/privkey.pem -out /tandberg/persistent/certs/server.pem
From root, run the following to copy the CSR Private key generated during CSR request over the old private key.
cp /tandberg/persistent/certs/generated_csr/privkey.pem /tandberg/persistent/certs/privkey.pem
3- Cancel the CSR certificate request on the VCS Web GUI.
This works on X8, X7 has a slightly different directory structure but otherwise is the same.
- Jonathan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide