..........忽略部分信息........
writing new private key to '../../CA/private/cakey.pem'
Enter PEM pass phrase: <password>
Verifying - Enter PEM pass phrase: <password>
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]: <CN>
State or Province Name (full name) [Berkshire]:<shanghai>
Locality Name (eg, city) [Newbury]:<shanghai>
Organization Name (eg, company) [My Company Ltd]:<foo>
Organizational Unit Name (eg, section) []:<bar>
Common Name (eg, your name or your server's hostname) []:<myca.foo.com> !!!!full qualified name!!!
Email Address []: <someone@foo.com>
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for ../../CA/private/cakey.pem:<rain>
Check that the request matches the signature
Signature ok
..........忽略部分信息........
> ./CA.pl -newreq-nodes
Generating a 1024 bit RSA private key
............++++++
.......++++++
writing new private key to 'newkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:<CN>
State or Province Name (full name) [Berkshire]:<Shanghai>
Locality Name (eg, city) [Newbury]:<Shanghai>
Organization Name (eg, company) [My Company Ltd]:<foo>
Organizational Unit Name (eg, section) []:<bar>
Common Name (eg, your name or your server's hostname) []:<ldapserver.foo.com> !!!!full qualified name!!!
Email Address []:<someone@foo.com>
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Request is in newreq.pem, private key is in newkey.pem
> ./CA.pl -sign
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for ../../CA/private/cakey.pem: <password>
Check that the request matches the signature
Signature ok
Certificate Details:
.....省略部分内容......
Certificate is to be certified until Apr 16 22:37:14 2008 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Signed certificate is in newcert.pem
CONNECTED(00000003)
140466123016008:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 113 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
请问是什么地方的问题,如何解决?谢谢!