Cora.Kn.Kwok

Reputation: 71

Domino AppDev Pack 1.0.13, IAM Server setup failed, failed to sign the certificate by self-signed CA

I don't have a CA-signed certificate for the local server: serv.org.com. Therefore, I followed the steps to create a self-signed certificate for the IAM server.

openssl genrsa -des3 -out iamserver.key 4096

openssl req -new -key iamserver.key -out iamserver.csr -subj "/O=Org/CN=IAMAccessor" -sha256

openssl x509 -req -days 365 -in iamserver.csr -CA ca.crt -CAkey ca.key -out iamserver.crt -CAserial ca.seq

The steps above are successful.

However, when I try to run the following step, I get an error.

"If you are using your self-created CA to sign your certificate, the following sample script demonstrates how to sign a server certificate with it."

openssl x509 -passin pass:passw0rd -req -days 365 -in iamserver.csr -CA ca.crt
-CAkey ca.key -out iamserver.crt -CAcreateserial -CAserial ca.seq -sha256 -extfile
<(printf "[SAN]\nsubjectAltName=DNS:iamserver.com") -extensions SAN

I got an error message: System failed to find the specific files.

Upvotes: 0

Views: 76

Answers (3)

Cora.Kn.Kwok

Reputation: 71

Thanks for your reply. I have checked many times; it is not a file name error.

I got the directory with all required files such as ca.key and ca.crt, iamserver.csr, iamserver.crt.

It is a Windows problem: it is required to create a .cnf file, e.g. ssl-extensions-509.cnf, to use as -extfile, according to the linked tutorial page: https://www.sit.de/SIT/hvblog.nsf/dx/26.05.2020165717HVOKJX.htm

After modifying the script to the following, it is working now.

openssl x509 -passin pass:Ectestjn1234 -req -days 3650 -in iamserver.csr -CA ca.crt -CAkey ca.key -out iamserver.crt -CAcreateserial -CAserial ca.seq -sha256 -extfile ssl-extensions-509.cnf

C:\Certs\iam\iamserver>openssl x509 -passin pass:password -req -days 3650 -in iamserver.csr -CA ca.crt -CAkey ca.key -out iamserver.crt -CAcreateserial -CAserial ca.seq -sha256 -extfile ssl-extensions-509.cnf
Certificate request self-signature ok
subject=C = TW, ST = Taiwan, L = New Taipei City, O = XXX, CN = XXX

Upvotes: 0
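
The fix described in the answer above, as an added example that is not part of the original post: a PowerShell script that writes the `[SAN]` section to a real file instead of using the bash-only `<(printf ...)`, signs the CSR, and checks that the SAN landed in the certificate. The contents of `ssl-extensions-509.cnf` are an assumption (the page does not show them), `iamserver.com` is the placeholder from the sample script, and `-passin` is left out so openssl prompts for the CA key passphrase.

```powershell
# Added example, not from the original answer. The extension file contents
# and the DNS name are assumptions; use the IAM server's real host name.
$san = 'DNS:iamserver.com'          # placeholder from the sample script
$ext = 'ssl-extensions-509.cnf'     # file name used in the answer

# cmd.exe and PowerShell have no <( ... ) process substitution, so the
# section that the sample builds with printf is written to a file on disk.
# ASCII is set explicitly; Windows PowerShell's ">" would write UTF-16.
@"
[SAN]
subjectAltName = $san
"@ | Set-Content -Path $ext -Encoding ascii

# Fail early, naming the file, if an input is not in the current directory.
foreach ($f in 'iamserver.csr', 'ca.crt', 'ca.key', $ext) {
    if (-not (Test-Path -LiteralPath $f)) { throw "Missing input file: $f" }
}

# Same signing command as the sample, with -extfile pointing at the file.
# Without -passin, openssl prompts for the passphrase if ca.key is
# encrypted, which keeps it out of the command line and shell history.
openssl x509 -req -days 365 -in iamserver.csr -CA ca.crt -CAkey ca.key `
    -out iamserver.crt -CAcreateserial -CAserial ca.seq -sha256 `
    -extfile $ext -extensions SAN
if ($LASTEXITCODE -ne 0) { throw "openssl x509 failed (exit $LASTEXITCODE)" }

# Confirm the extension is actually present in the issued certificate.
$text = (openssl x509 -in iamserver.crt -noout -text) -join "`n"
if ($text -notmatch [regex]::Escape($san)) {
    throw "subjectAltName $san not present in iamserver.crt"
}
Write-Host "iamserver.crt contains subjectAltName $san"
```

When `-extensions` is omitted, `openssl x509` reads extensions from the file's unnamed default section (or from the section named by an `extensions` variable there), so a file that only has a `[SAN]` section needs `-extensions SAN` for the SAN to be applied.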

ddumont

Reputation: 583

Please be careful, post responses to answers, don't try to edit them.

I'm just responding to the image that came in the original post.

In the first picture, you did not specify the correct path to iamserver.csr. That file was in your iamserver directory, so it should look like "-in iamserver\iamserver.csr"

In the picture you responded with, you were in the iamserver directory, but all of your other ca files were in the directory above. So you need to fix the path to all of the inputs so that they match and point to something.

Upvotes: 0

ddumont

Reputation: 583

You are passing an "-in iamserver.csr" but there does not appear to be a csr for iamserver in your dir listing.

Upvotes: 0
