>Number:         22057
>Category:       pkg
>Synopsis:       openssl throws an error while signing cert request
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jul 05 03:23:02 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     
>Release:        NetBSD 1.6.1
>Organization:

		othyro@freeshell.org

>Environment:
	
	
System: NetBSD nixsys 1.6.1 NetBSD 1.6.1 (NIXSYS) #4: Thu Jun 5 16:09:11 EDT 2003 diro@nixsys:/usr/src/sys/arch/alpha/compile/NIXSYS alpha
Architecture: alpha
Machine: alpha
>Description:
	
I start by creating a root certification authority certificate. Then I install the CA root certificate as a trusted root certificate. Then I generate and sign a certificate (not the private root) to be used for https, imaps, or pop3s. When I sign the certificate is when it dies. The perms on the cacert.pem are okay and I am using the password for cacert.pem. After a search on the net, I found nothing that helped me. Any ideas are appreciated.

>How-To-Repeat:

/usr/pkg/bin/openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -d
ays 3650

/usr/pkg/bin/openssl x509 -in cacert.pem -out cacert.crt

/usr/pkg/bin/openssl req -new -keyout newreq.pem -out newreq.pem -days 3650

/usr/pkg/bin/openssl ca -policy policy_anything -out newcert.pem -infiles newreq
.pem
Using configuration from /usr/pkg/etc/openssl/openssl.cnf
Enter PEM pass phrase:
unable to load CA private key
17957:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_
enc.c:277:
17957:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:452:

>Fix:
	Not currently known to me.
>Release-Note:
>Audit-Trail:
>Unformatted: