LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux From Scratch (https://www.linuxquestions.org/questions/linux-from-scratch-13/)
-   -   LFS12.0 -- 'make-ca -g' unable to get certdata.txt (https://www.linuxquestions.org/questions/linux-from-scratch-13/lfs12-0-make-ca-g-unable-to-get-certdata-txt-4175729856/)

Hiroyuki Hirohata 10-13-2023 08:36 PM
[SOLVED] LFS12.0 -- 'make-ca -g' unable to get certdata.txt
 
Hello,
I have setup LFS 12.0 and then trying to setup certificates related stuff.
Stuck at getting local certificate...
Installation is in the following sequence.
openssl-3.1.2
libtasn1-4.19.0
p11-kit-0.25.0
make-ca-1.12
however I encountered the following error in the middle of make-ca setup, and stuck.
Code:
root@lfs:/sources/make-ca-1.12# /usr/sbin/make-ca -g
Checking for new version of certdata.txt...done.
Unable to get revision from server! Exiting.
the below is the log content
Code:
root@lfs:/tmp/tmp.gUL2krMSrf# cat certdata.txt.log
CONNECTED(00000003)
---
Certificate chain
 0 s:C = US, ST = California, L = San Francisco, O = Mozilla Foundation, CN = hg.mozilla.org
  i:C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
  a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
  v:NotBefore: Sep 19 00:00:00 2023 GMT; NotAfter: Sep 18 23:59:59 2024 GMT
 1 s:C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
  i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
  a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
  v:NotBefore: Mar 30 00:00:00 2021 GMT; NotAfter: Mar 29 23:59:59 2031 GMT
---
no peer certificate available
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 3574 bytes and written 678 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
root@lfs:/tmp/tmp.gUL2krMSrf#
I once built LFS 11.3/BLFS and successfully setup, but this time I may have missed something.
Can anyone point me where I am wrong?
Thanks
Hiroyuki

Keith Hedger 10-17-2023 06:45 AM
I had the same problem I upgraded to version 1.13 and re-installed which fixed it.

Keith Hedger 10-19-2023 05:26 AM
If this has solved your problem or you have found another way please post and then mark this thread SOLVED

rsmereka 12-10-2023 09:15 AM
Thanks Keith,

I am also building BLFS and encountered the same error when executing:
Code:
/usr/sbin/make-ca -g
I took your advice and downloaded the new 1.13 make-ca package and re-ran the instructions from the BLFS book.

wrinklytech 01-25-2024 02:24 AM
Thanks from me too Keith. Re-ran the make-ca install with v1.13 and all good.


All times are GMT -5. The time now is 01:55 AM.