Error opening CA private key on Ubuntu

Neo_999 picture Neo_999 · Jan 11, 2015 · Viewed 20.1k times · Source

I am trying to create a self-signed certificate using OpenSSL on Ubuntu 14.04. When I enter the command openssl ca -in tempreq.pem -out server_crt.pem, I get the following error:

Using configuration from /root/myCA/caconfig.cnf  
**Error opening CA private key** ~/myCA/private/cakey.pem  
139754719667872:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('~/myCA/private/cakey.pem','r')  
139754719667872:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:  
unable to load CA private key

I have already verified that nano ~/myCA/private/cakey.pem command opens the cakey.pem file, and that the read permission for this file is enabled.

Any help will be appreciated. Thanks!

Answer

Nicklas Börjesson picture Nicklas Börjesson · Jan 11, 2015

You seem to be running as root, check that you haven't accidentally followed the instructions on the ubuntu.com OpenSSL article too literally and set the dir param in /root/myCA/caconfig.cnf to /home/root/myCA.

This as the root home dir differs from all other home directories by residing in the top folder. So if you have set it to /home/root/myCA, that is not valid, you have to change it to /root/myCA.

Edit (as this was the problem):

Using "~" in the configuration might not work as it might not be expanded properly by openssl. If you are, try use absolute paths instead.