Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Creating a Self-signed certificates using Openssl issue..

Hi All,

 

I was just trying to generate self signed certificate for my VCS-E and VCS-C for running the MRA feature. i have followed the " Cisco VCS Certificate Creation and Deployment Guide X8.1 for that. i am facing some issue to generate server.pem. please see the below mentioned error for the same. 

 

OpenSSL> ca -config openssl_local.cfg -cert cacert.pem -keyfile private/cakey.pe
m -in certcsr.pem -out certs/server.pem -md sha1
Using configuration from openssl_local.cfg
Loading 'screen' into random state - done
Enter pass phrase for private/cakey.pem:
I am unable to access the ./demoCA/newcerts directory
./demoCA/newcerts: No such file or directory

error in ca
OpenSSL>

 

i have the newcerts directory created under demoCA folder with full access permission. please help me to fix this..

 

Thanks & Regards,

Nikhil Jayan

Everyone's tags (1)
7 REPLIES
New Member

Hello, Try demoCA in lower

Hello,

 

Try demoCA in lower case, that could help.

 

Josue NM

Hi jonaranj,Thanks for your

Hi jonaranj,

Thanks for your reply..

i tried by making demoCA in lower case, but it didn't work. it end upon the same error. see below.

 

C:\>
C:\>
C:\>cd OpenSSL-Win32\bin\PEM\democa

C:\OpenSSL-Win32\bin\PEM\democa>
C:\OpenSSL-Win32\bin\PEM\democa>
C:\OpenSSL-Win32\bin\PEM\democa>openssl ca -config openssl_local.cfg -cert cacer
t.pem -keyfile private/cakey.pem -in certcsr.pem -out certs/server.pem -md sha1
Using configuration from openssl_local.cfg
Loading 'screen' into random state - done
Enter pass phrase for private/cakey.pem:
I am unable to access the ./democa/newcerts directory
./democa/newcerts: No such file or directory

C:\OpenSSL-Win32\bin\PEM\democa>
C:\OpenSSL-Win32\bin\PEM\democa>

 

i guess demoCA is a default folder which comes while we install the openssl and  i haven't seen anywhere in Cisco documents talks about demoCA in lower case.

 

Thanks & Regards,

Nikhil Jayan

VIP Purple

It looks like you may be

It looks like you may be running the commands from one level too far down the tree - try running from the C:\OpenSSL-Win32\bin\PEM> level rather than C:\OpenSSL-Win32\bin\PEM\democa>.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Hi Wayne, Thanks for your

Hi Wayne,

 

Thanks for your reply..

 

openssl program is there inside the demoCA folder, so if i run this command from C:\OpenSSL-Win32\bin\PEM>, i will get a command error.

 

Thanks & Regards,

Nikhil Jayan

VIP Purple

The reason I suggested that

The reason I suggested that is because the error message is looking for ./democa/newcerts - so unless there's another democa folder within the democa folder you're running it from, it isn't going to find it.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.
New Member

i have found it easier to use

i have found it easier to use the Openssl running on VCS to run the commands especially for running self signed cert for single peer VCS's and use the private key generated for the server not the CA key.

Syntax can be a real pain for other deployment.

Cisco Employee

Hi,The following method is

Hi,

The following method is how I generate self signed in the lab right on the VCS.

1. Generate CSR on VCS web GUI

2. From root login:

openssl x509 -req -days 900 -in /tandberg/persistent/certs/generated_csr/csr.pem -signkey /tandberg/persistent/certs/generated_csr/privkey.pem -out /tandberg/persistent/certs/server.pem

From root, run the following to copy the CSR Private key generated during CSR request over the old private key.

cp /tandberg/persistent/certs/generated_csr/privkey.pem /tandberg/persistent/certs/privkey.pem

3- Cancel the CSR certificate request on the VCS Web GUI.

 

This works on X8,  X7 has a slightly different directory structure but otherwise is the same.

 

- Jonathan

5040
Views
5
Helpful
7
Replies
CreatePlease to create content