Comments on: Creating a self-signed PKCS#12 (.p12) certificate using OpenSSL

By: Nitima

Nitima — Wed, 17 Sep 2008 06:03:25 +0000

I am receiving an error when I try to create the certificate package pkcs12.

The error is as follows:

“Loading ’screen’ into random state - done
unable to load private key
error in pkcs12″

Please advise how can this be rectify?

By: Vlado

Vlado — Tue, 08 Jul 2008 09:09:24 +0000

to Pseudo.

Hi, you must do this:
1. # create directory ./demoCA/private and also ./demoCA/newcerts
mkdir demoCA/{private,newcerts}

2. # Then copy p_ca_key.pem to ./demoCA/private/cakey.pem
cp -v p_ca_key.pem ./demoCA/private/cakey.pem

3. # also copy a CA cert to ./demoCA/cacert.pem
cp -v ca_cert.pem ./demoCA/cacert.pem

4. # create database index
touch ./demoCA/index.txt

5. # create file with serial for ex. with 01
echo “01″ > demoCA/serial

I hope it helps.

By: Pseudo

Pseudo — Sun, 06 Jul 2008 02:17:05 +0000

I get the following error attempting step 4.

OpenSSL> ca -config openssl.cnf -policy policy_anything -out newcert.pem -days 1024 -infiles newreq.pem
Using configuration from openssl.cnf
Loading ’screen’ into random state - done
Error opening CA private key ./demoCA/private/cakey.pem
2900:error:02001003:system library:fopen:No such process:.\crypto\bio\bss_file.c
:352:fopen(’./demoCA/private/cakey.pem’,'rb’)
2900:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:35
4:
unable to load CA private key
error in ca

By: Nick

Nick — Wed, 16 Apr 2008 19:57:13 +0000

Thanks for pointing out the dead link, I updated it so it points to the page with the latest Stunnel Windows binaries.

Glad to hear this technique worked for you!

By: Daniel

Daniel — Wed, 16 Apr 2008 17:42:10 +0000

The download link for the “Stunnel.org OpenSSL Binary 1.35 MB” is broken but still able to get the binary from stunnel.org direct. Everything is working fine and success to create a PKCS#12 certificate for my PDA