Friday, September 19, 2014

Error While Creating Self-Signed Certificate in OHS

If you are creating self signed certificate as specified in Oracle documentation you may face following error :


Error:

Using configuration from openssl_silent_ohs11g.cnf
Error opening CA private key ./tools/openssl/simpleCA/cakey.pem
6089:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_default name=unique_subject
6089:error:02001002:system library:fopen:No such file or directory:bss_file.c:276:fopen('./tools/openssl/simpleCA/cakey.pem','r')
6089:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:
unable to load CA private key
Segmentation fault

When you are running: 

./openssl ca -config openssl_silent_ohs11g.cnf -policy policy_anything -batch -out aaa_cert.pem -infiles aaa_req.pem

Solution: 

Open the file openssl_silent_ohs11g.cnf using: 

$vi openssl_silent_ohs11g.cnf

Modify dir location to 

dir = ../openssl/simpleCA 

and re-run the command. 

./openssl ca -config openssl_silent_ohs11g.cnf -policy policy_anything -batch -out aaa_cert.pem -infiles aaa_req.pem

Oracle Doc: http://docs.oracle.com/cd/E28280_01/doc.1111/e38584/webgate_ohs.htm#CACIHHFA

4 comments:

  1. Hi,

    Even after making the above changes, almost similar error appears:-

    Using configuration from openssl_silent_ohs11g.cnf

    Error opening CA private key ./openssl/simpleCA/cakey.pem

    32237:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_

    lib.c:329:group=CA_default name=unique_subject

    32237:error:02001014:system library:fopen:Not a directory:bss_file.c:276:fopen('

    ./openssl/simpleCA/cakey.pem','r')

    32237:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:

    unable to load CA private key

    Segmentation fault.

    ______________________________________________________________________

    Can somebody help me?

    ReplyDelete
  2. Hi,


    Did you try importing using OHS Wallet ? and what version of OHS you are using?

    ReplyDelete
  3. Hi Ravi,

    Thanks for you reply,,
    Actually, i was writing

    dir = ./openssl/simpleCA

    but when i corrected it to
    dir = ../openssl/simpleCA
    as mentioned in solution above, it worked for me.

    ReplyDelete

Other Posts