hi,
i want to generate a certificate request from command line to send to
an external CA. this is what i use:
certutil -S -n "test-server" -s "CN=testserver.example.com"
-c "CA
auth" -t "u,u,u" -m 1023 -v 120 -d .
and i get this error:
certutil: unable to retrieve key CA auth: The private key for this
certificate cannot be found in key database
i''ve imported the root cert for CA auth though the GUI but certutil
seems not to find it.
if i create the request via GUI everything is fine, but i need to use
certutil because i need to pass additional parameters not supported by
the GUI.
any hints?
--
======================= ^ ^
O O
(_ _)
muzzol(a)muzzol.com
=======================jabber id: muzzol(a)jabber.dk
=======================No atribueixis qualitats humanes als ordinadors.
No els hi agrada.
======================="El gobierno español sólo habla con terroristas,
homosexuales y
catalanes, a ver cuando se decide a hablar con gente normal"
Jiménez Losantos
=======================<echelon spamming>
bomb terrorism bush aznar teletubbies
</echelon spamming>
Rob Crittenden
2009-Dec-17 14:45 UTC
Re: [389-users] generate certificate request with certutil
muzzol wrote:> hi, > > i want to generate a certificate request from command line to send to > an external CA. this is what i use: > > > certutil -S -n "test-server" -s "CN=testserver.example.com" -c "CA > auth" -t "u,u,u" -m 1023 -v 120 -d . > > and i get this error: > > > certutil: unable to retrieve key CA auth: The private key for this > certificate cannot be found in key database > > > i''ve imported the root cert for CA auth though the GUI but certutil > seems not to find it. > > if i create the request via GUI everything is fine, but i need to use > certutil because i need to pass additional parameters not supported by > the GUI. > > any hints? >-S generates a certificate using a CA from the same database. You want to create a Certificiate Signing Request (CSR). Try this: certutil -R -s "CN=testserver.example.com" -d . -a This will produce a base64-encoded CSR that you can pass along to your CA. rob
2009/12/17 Rob Crittenden <rcritten@redhat.com>:> -S generates a certificate using a CA from the same database. You want to > create a Certificiate Signing Request (CSR). Try this: > > certutil -R -s "CN=testserver.example.com" -d . -a > > This will produce a base64-encoded CSR that you can pass along to your CA. >thanks! -- ======================= ^ ^ O O (_ _) muzzol(a)muzzol.com =======================jabber id: muzzol(a)jabber.dk =======================No atribueixis qualitats humanes als ordinadors. No els hi agrada. ======================="El gobierno español sólo habla con terroristas, homosexuales y catalanes, a ver cuando se decide a hablar con gente normal" Jiménez Losantos =======================<echelon spamming> bomb terrorism bush aznar teletubbies </echelon spamming>