プライベート認証局
Takami Torao
プライベート認証局を新規に作成する。デフォルトでは ./demoCA というディレクトリに CA が構築される。
$ sudo /usr/lib/ssl/misc/CA.sh -newca
CA certificate filename (or enter to create)
Making CA certificate ...
Generating a 2048 bit RSA private key
...................................................+++
..............................................+++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase:
140424108377752:error:28069065:lib(40):UI_set_result:result too small:ui_lib.c:823:You must type in 4 to 1024 characters
140424108377752:error:0906406D:PEM routines:PEM_def_callback:problems getting password:pem_lib.c:110:
140424108377752:error:0907E06F:PEM routines:DO_PK8PKEY:read key:pem_pk8.c:130:
Using configuration from /usr/lib/ssl/openssl.cnf
unable to load CA private key
139908822206104:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY
$ ls demoCA/
total 0
drwxrwxrwx 1 torao torao 512 Feb 14 07:11 ./
drwxrwxrwx 1 torao torao 512 Feb 14 07:11 ../
drwxrwxrwx 1 torao torao 512 Feb 14 07:11 certs/
drwxrwxrwx 1 torao torao 512 Feb 14 07:11 crl/
-rwxrwxrwx 1 torao torao 0 Feb 14 07:11 index.txt*
drwxrwxrwx 1 torao torao 512 Feb 14 07:11 newcerts/
drwxrwxrwx 1 torao torao 512 Feb 14 07:11 private/
$java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors証明書チェーン内での証明書の出現順番の問題。PKCS#7 上で証明書チェーンの末端からルート CA に向かう順序で保存しなければならない。
java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors証明書チェーンが trust anchor を含んでいない。
java.security.cert.CertPathValidatorException: Certificate does not specify OCSP responderjava.security.cert.CertPathValidatorException: Could not determine revocation status