Re: [squid-users] wild card ssl certificate

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 06 Jul 2009 10:45:16 +1200

Mario Remy Almeida wrote:
> Hi All
>
> I followed the steps mentioned in the below url
> http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate
>
> When the below cmd is executed
>
> openssl req -x509 -newkey rsa -out cacert.pem -outform PEM -days 1000
>
> I get the below message, which means some options are missing.
>
> Can someone tell me what I am missing?
>
> Is it rsa:1024 instead of rsa?

Yes, it needs the bit-length. Though for the CA cert it's advised to use
a stronger/longer bit length than normal. 2048 bits is mentioned in the
wiki for now.

Thanks for reporting that. Wiki updated.

Amos

>
>
> req [options] <infile >outfile
> where options are
> -inform arg input format - DER or PEM
> -outform arg output format - DER or PEM
> -in arg input file
> -out arg output file
> -text text form of request
> -pubkey output public key
> -noout do not output REQ
> -verify verify signature on REQ
> -modulus RSA modulus
> -nodes don't encrypt the output key
> -engine e use engine e, possibly a hardware device
> -subject output the request's subject
> -passin private key password source
> -key file use the private key contained in file
> -keyform arg key file format
> -keyout arg file to send the key to
> -rand file:file:...
> load the file (or the files in the directory) into
> the random number generator
> -newkey rsa:bits generate a new RSA key of 'bits' in size
> -newkey dsa:file generate a new DSA key, parameters taken from CA in
> 'file'
> -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)
> -config file request template file.
> -subj arg set or modify request subject
> -multivalue-rdn enable support for multivalued RDNs
> -new new request.
> -batch do not ask anything during request generation
> -x509 output a x509 structure instead of a cert. req.
> -days number of days a certificate generated by -x509 is valid
> for.
> -set_serial serial number to use for a certificate generated by
> -x509.
> -newhdr output "NEW" in the header lines
> -asn1-kludge Output the 'request' in a format that is wrong but some
> CA's
> have been reported as requiring
> -extensions .. specify certificate extension section (override value in
> config file)
> -reqexts .. specify request extension section (override value in
> config file)
> -utf8 input characters are UTF8 (default ASCII)
> -nameopt arg - various certificate name options
> -reqopt arg - various request text options
>
>
> //Remy

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
   Current Beta Squid 3.1.0.9
Received on Sun Jul 05 2009 - 22:45:23 MDT
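
Added example, not part of either message or of the Squid wiki: the command from the thread with the bit length supplied, plus a check that the generated CA certificate really carries a key of the intended size. The function names, `cakey.pem`, and the subject CN are constructed for illustration; `-nodes` and `-subj` are used only so the throwaway CA can be created unattended.

```shell
#!/bin/sh
# Added example: make_test_ca, cert_rsa_bits, check_ca_strength, cakey.pem
# and the CN value are constructed names, not taken from the thread.

# Create a throwaway self-signed CA in directory $1 with an RSA key of $2 bits.
# -nodes leaves the private key unencrypted and -subj skips the prompts, so the
# function runs unattended; drop -nodes for a CA you intend to keep.
make_test_ca() {
    openssl req -x509 -newkey "rsa:$2" -nodes \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" -outform PEM \
        -days 1000 -subj "/CN=Example Test CA" 2>/dev/null
}

# Print the public key size in bits of the PEM certificate $1.
# Matches "Public-Key:", "RSA Public-Key:" and the older "RSA Public Key:".
cert_rsa_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Succeed only if certificate $1 has a key of at least $2 bits.
check_ca_strength() {
    bits=$(cert_rsa_bits "$1")
    [ -n "$bits" ] && [ "$bits" -ge "$2" ]
}

# Demo: run as "sh script.sh demo"
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d)
    make_test_ca "$dir" 2048
    echo "key size: $(cert_rsa_bits "$dir/cacert.pem") bits"
    check_ca_strength "$dir/cacert.pem" 2048 && echo "OK: meets 2048-bit minimum"
    rm -rf "$dir"
fi
```

The same `check_ca_strength` call can be pointed at an existing `cacert.pem` to confirm it was not generated with a shorter key.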
