# ./CA.pl -sign error  for setting postfix

## Debentoo_Gao

root@finalbaby /etc/ssl/misc # ./CA.pl -sign

Using configuration from /etc/ssl/openssl.cnf

31033:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_default name=unique_subject

Enter pass phrase for ./demoCA/private/cakey.pem:

unable to load CA private key

31033:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:450:

31033:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:423:

Signed certificate is in newcert.pem

If someone can tell me what the error means,thanks

----------

## rmautino

Does anyone know this?  I am getting the same thing too when following the Virtual mail host How  Too.

```

socrates misc # ./CA.pl -sign

Using configuration from /etc/ssl/openssl.cnf

Enter pass phrase for ./demoCA/private/cakey.pem:

unable to load CA private key

1483:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c

:450:

1483:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:423:

Signed certificate is in newcert.pem

```

Any help is greatly appreciated.

Thanks....

----------

## SqwkVFR

Same type of error here, though a little different

```

7321:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_Default name=unique_subject

7321:error:0E06D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:637:Expecting: ANY PRIVATE KEY

Signed certifiacate is in newcert.pem

```

It says that the new cert is in newcert.pem, yet it doesn't make a newcert.pem.  Any Ideas???

----------

## i8puppies

re-emerge openssl and remove /etc/ssl/misc/demoCA

----------

## gladius

tried to do this several times - updated to latest ssl, removed demoCA, same error. Re-emerged the

openssl again, removed demoCA, still same error.

Any ideas?

----------

## gladius

Ok. seem to have found a way around it - instead of using 

./CA.pl -newreq

./CA.pl -sign

use 

./CA.pl -signcert 

this generated the request and cert correctly

-AJ

----------

## Marko@mako

I am building an e-mail server as described here: http://www.gentoo.org/doc/en/virt-mail-howto.xml

when i try to make certificate using command:  ./CA.pl -newca, it gives me back this:

   unable to load certificate

   8649:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:637:Expecting: TRUSTED CERTIFICATE

 had anyone had or solved that problem jet?

tanks for your help adn time...

Marko

----------

