Odd error while using openssl
When I use openSSL and a config file to sign a intermediate certificate I constantly get the same error. The errors are:
140736005481480:error:02001002:system library:fopen:No such file or directory:bss_file.c:175:fopen('/Volumes/Project - Encrypted/Security/root/ca/index.txt.attr','rb')
140736005481480:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:182:
140736005481480:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:195:
140736005481480:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:324:group=CA_default name=email_in_dn
I understand the first error about the file not being found, but what I dont understand is why the file its looking for isn't the file i define in the config. This is what I put in the config:
database = $dir/index.txt # database index file.
The command I use is sudo openssl ca -config openssl.cnf -extensions v3_intermediate_ca -days 3650 -notext -md sha256 -keyfile private/ca.key.pem -cert certs/ca.cert.pem -in intermediate/csr/intermediate.csr.pem -out intermediate/certs/intermediate.cert.pem
Does anyone understand whats causing these error and how to fix them??
Solution 1:
openssl ca
doesn't just use the database index file (which you have correctly set to be index.txt
) but als a database attribute file. This is always in the same place as the index file and its name is that of the index suffixed with .attr. This attribute file (which is not really documented, as far as I know) holds only one information: The configuration line
unique_subject = yes/no
So what do you need to do? Create the file index.txt.attr
in the folder where your CA is stored (appearantely /Volumes/Project - Encrypted/Security/root/ca) and add to it the single line I mentioned above.