Error while creating self-signed SSL certificate

0 votes
Asked by user: (140 points)

I tried to create a self-signed certificate based on the instructions in the link in Security key and cert for mosca MQTT broker.

$ openssl genrsa -des3 -out tls-key.pem 1024 (works fine)

$ openssl req -new -key tlk-key -out server.csr (returns error)

The error looks like this on Cygwin:

Error opening Private Key tlk-key
6870300:error:02001002:system library:fopen:No such file or directory:bss_file.c:391:fopen('tlk-key','rb')
6870300:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:393:
unable to load Private Key

On Ubuntu 16.04, the error looks like this:

Error opening Private Key tlk-key
140137729443480:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('tlk-key','r')
140137729443480:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load Private Key

I tried with cygwin and Ubuntu. Can anyone advise what went wrong?

EDIT: I tried the command below after getting the answer from Steffen Ullrich. It still returns an error.

$ openssl req -new -key tlk-key.pem -out server.csr

Error opening Private Key tlk-key.pem
6870300:error:02001002:system library:fopen:No such file or directory:bss_file.c:391:fopen('tlk-key.pem','rb')
6870300:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:393:
unable to load Private Key

Posted by user: (3.2k points)
The documentation seems to be pretty old. 3DES should not be used anymore and for RSA the recommended key size is 2048.
Posted by user: (140 points)
Robert, thanks. Do you have any links that point to newer documentation?
Posted by user: (2.5k points)
Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See What topics can I ask about here in the Help Center. Perhaps Super User or Unix & Linux Stack Exchange would be a better place to ask. Also see Where do I post questions about Dev Ops?

1 Answer

0 votes
Answered by user: (2.1k points)

You create the key file tls-key.pem but then try to use the non-existing file tlk-key instead of the file you've created:

$ openssl genrsa -des3 -out tls-key.pem 1024 (works fine)
                            ^^^^^^^^^^^^
$ openssl req -new -key tlk-key -out server.csr (returns error)
                        ^^^^^^^
Posted by user: (140 points)
Thanks for pointing that out. I tried your answer but still get a similar error. I have edited my question accordingly.
Posted by user: (420 points)
@user91579631 now you are trying to read tlk-key.pem. You should be reading tls-key.pem.
Posted by user: (140 points)
Oh dear. I feel really stupid.
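
The corrected sequence as a script, added here as an example and not part of the original thread: the key path is held in one variable so the tls-key/tlk-key mismatch cannot recur, the key is 2048-bit RSA protected with AES-256 as the first comment recommends, and a final check confirms the certificate matches the key. The function names, tls-cert.pem, the CN argument and the TLS_KEY_PASS environment variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. File names, the CN and the
# TLS_KEY_PASS environment variable are assumptions for illustration.

# make_self_signed DIR CN: write key, CSR and self-signed cert into DIR.
make_self_signed() {
    dir=$1
    cn=$2
    key="$dir/tls-key.pem"   # set once; every later step reuses "$key"
    csr="$dir/server.csr"
    crt="$dir/tls-cert.pem"

    # 2048-bit RSA, passphrase-protected with AES-256 (not -des3 / 1024).
    ( umask 077
      openssl genrsa -aes256 -passout env:TLS_KEY_PASS \
          -out "$key" 2048 2>/dev/null ) || return 1

    # Catch a wrong path here instead of in an fopen() error from openssl.
    [ -r "$key" ] || { echo "key file not found: $key" >&2; return 1; }

    openssl req -new -key "$key" -passin env:TLS_KEY_PASS \
        -subj "/CN=$cn" -out "$csr" || return 1
    openssl x509 -req -in "$csr" -signkey "$key" \
        -passin env:TLS_KEY_PASS -days 365 -out "$crt" 2>/dev/null || return 1
}

# key_matches_cert KEY CERT: succeed only if both carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin env:TLS_KEY_PASS -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}
```

Export TLS_KEY_PASS before calling make_self_signed, then run key_matches_cert on the resulting key and certificate before pointing the broker at them.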