[SOLVED] evolution setup assistant in ubuntu

Xanios · 08-02-2010, 04:49 AM

Hi Eric,

i typed sudo rm -r cacert.pem

Code:

xanios@ubuntu:~/demoCA$ sudo rm -r cacert.pem

the certificate still remains.

Code:

xanios@ubuntu:~/demoCA$ cat /etc/ssl/openssl.cnf | grep CA
default_ca	= CA_default		# The default ca section
[ CA_default ]
dir		= ./demoCA		# Where everything is kept
certificate	= $dir/cacert.pem 	# The CA certificate
# For type CA, the listed attributes must be the same, and the optional
# For the CA policy
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
basicConstraints = CA:FALSE
# Extensions for a typical CA
#basicConstraints = critical,CA:true
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# nsCertType = sslCA, emailCA
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE

Xanios · 08-02-2010, 04:50 AM

Quote:

Originally Posted by linuxlover.chaitanya

You are still deleting the file from /etc/ssl/CA directory. You need to delete file from demoCA directory.

cd to demoCA with
cd demoCA and now
rm -v cacert.pem

it gave me:

Code:

xanios@ubuntu:~$ cd demoCA
xanios@ubuntu:~/demoCA$ rm -v cacert.pem
rm: cannot remove `cacert.pem': No such file or directory

linuxlover.chaitanya · 08-02-2010, 04:52 AM

Now if you have already deleted it, you will get the error.

EricTRA · 08-02-2010, 04:54 AM

Hi,

Do another ls in the demoCA directory to check if it's gone or not.

Code:

ls -al

when in the demoCA directory.

Kind regards,

Eric

Xanios · 08-02-2010, 04:54 AM

Hi Chaitanya,

Nope, still not deleted. i check it using cat /etc/ssl/openssl.cnf | grep CA and it is still there:

Code:

[ CA_default ]
dir		= ./demoCA		# Where everything is kept
certificate	= $dir/cacert.pem 	# The CA certificate

Xanios · 08-02-2010, 04:56 AM

Hi Eric,

it is still there

Code:

-rw-r--r--  1 xanios xanios  704 2010-08-02 00:43 careq.pem

EricTRA · 08-02-2010, 04:58 AM

Quote:

Originally Posted by Xanios

Hi Eric,

it is still there

Code:

-rw-r--r--  1 xanios xanios  704 2010-08-02 00:43 careq.pem

Hi,

That's another file. The certificate is cacert.pem. careq.pem is the file used for a certificate request.

If cacert.pem is not in the demoCA directory then you can create a new one as you did before.

Kind regards,

Eric

Xanios · 08-02-2010, 04:58 AM

Hi,

Code:

xanios@ubuntu:~/demoCA$ ls -al
total 40
drwxr-xr-x  6 xanios xanios 4096 2010-08-02 02:51 .
drwxr-xr-x 41 xanios xanios 4096 2010-08-02 00:44 ..
-rw-r--r--  1 xanios xanios  704 2010-08-02 00:43 careq.pem
drwxr-xr-x  2 xanios xanios 4096 2010-08-02 00:41 certs
drwxr-xr-x  2 xanios xanios 4096 2010-08-02 00:41 crl
-rw-r--r--  1 xanios xanios    3 2010-08-02 02:57 crlnumber
-rw-r--r--  1 xanios xanios    0 2010-08-02 02:57 index.txt
-rw-r--r--  1 xanios xanios   21 2010-08-02 00:43 index.txt.attr
-rw-r--r--  1 xanios xanios    0 2010-08-02 00:41 index.txt.old
drwxr-xr-x  2 xanios xanios 4096 2010-08-02 00:43 newcerts
drwxr-xr-x  2 xanios xanios 4096 2010-08-02 00:41 private
-rw-r--r--  1 xanios xanios   17 2010-08-02 00:43 serial

i still cannot create a new one, means it is still there.

EricTRA · 08-02-2010, 05:00 AM

Quote:

Originally Posted by Xanios

Hi Chaitanya,

Nope, still not deleted. i check it using cat /etc/ssl/openssl.cnf | grep CA and it is still there:

Code:

[ CA_default ]
dir		= ./demoCA		# Where everything is kept
certificate	= $dir/cacert.pem 	# The CA certificate

Hello,

This command doesn't tell you anything about the file itself. The only thing this command:

Code:

cat /etc/ssl/openssl.cnf | grep CA

does is show you the content of openssl.conf (cat command) and only those lines that contain CA (the grep part) in them.

Kind regards,

Eric

EricTRA · 08-02-2010, 05:02 AM

Quote:

Originally Posted by Xanios

Hi,

Code:

xanios@ubuntu:~/demoCA$ ls -al
total 40
drwxr-xr-x  6 xanios xanios 4096 2010-08-02 02:51 .
drwxr-xr-x 41 xanios xanios 4096 2010-08-02 00:44 ..
-rw-r--r--  1 xanios xanios  704 2010-08-02 00:43 careq.pem
drwxr-xr-x  2 xanios xanios 4096 2010-08-02 00:41 certs
drwxr-xr-x  2 xanios xanios 4096 2010-08-02 00:41 crl
-rw-r--r--  1 xanios xanios    3 2010-08-02 02:57 crlnumber
-rw-r--r--  1 xanios xanios    0 2010-08-02 02:57 index.txt
-rw-r--r--  1 xanios xanios   21 2010-08-02 00:43 index.txt.attr
-rw-r--r--  1 xanios xanios    0 2010-08-02 00:41 index.txt.old
drwxr-xr-x  2 xanios xanios 4096 2010-08-02 00:43 newcerts
drwxr-xr-x  2 xanios xanios 4096 2010-08-02 00:41 private
-rw-r--r--  1 xanios xanios   17 2010-08-02 00:43 serial

i still cannot create a new one, means it is still there.

Hello,

OK, the drastic approach then

Run the following:

Code:

cd

followed by <ENTER> that takes you back to your home directory. Then:

Code:

sudo rm -r demoCA

That will delete the complete demoCA directory after which you will be able to recreate your certificate from zero.

Kind regards,

Eric

Xanios · 08-02-2010, 05:03 AM

Hi,

but i still can't create the certificate?

Code:

xanios@ubuntu:~$ /usr/lib/ssl/misc/CA.pl -newca
xanios@ubuntu:~$

by right it should ask me to 'create a certificate..' but it didn't

Xanios · 08-02-2010, 05:05 AM

Quote:

Originally Posted by EricTRA

Hello,

OK, the drastic approach then

Run the following:

Code:

cd

followed by <ENTER> that takes you back to your home directory. Then:

Code:

sudo rm -r demoCA

That will delete the complete demoCA directory after which you will be able to recreate your certificate from zero.

Kind regards,

Eric

Hi,

Okay. That did it.

But i wonder how come in the earlier approaches we can't seem to get the certificate deleted. =/ it's so weird.

Anyway, will continue to configure gmail for postfix, hopefully it works

do wait for my latest update LOL =X

Thank you to both Eric and Chaitanya *thumbs-up- (:

EricTRA · 08-02-2010, 05:10 AM

Quote:

Originally Posted by Xanios

Hi,

Okay. That did it.

But i wonder how come in the earlier approaches we can't seem to get the certificate deleted. =/ it's so weird.

Anyway, will continue to configure gmail for postfix, hopefully it works

do wait for my latest update LOL =X

Thank you to both Eric and Chaitanya *thumbs-up- (:

Hi,

I don't know exactly what the CA.pl script controls (have to read it to find out) in order to determine if a certificate exists or not. Most important is that you got it deleted and can start over again.

Good luck and someone is always around here on LQ to help out, so don't worry about that

Kind regards,

Eric

Xanios · 08-02-2010, 05:14 AM

Hi again,

You guys are really helpful, appreciated it lots

Lol sorry for the trouble but now i encountered a problem:

Code:

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
xanios@ubuntu:~$ cp demoCA/cacert.pem FOO-key.pem FOO-cert.pem /etc/postfix
cp: cannot create regular file `/etc/postfix/cacert.pem': Permission denied
cp: cannot create regular file `/etc/postfix/FOO-key.pem': Permission denied
cp: cannot create regular file `/etc/postfix/FOO-cert.pem': Permission denied
xanios@ubuntu:~$

Am supposed to copy them to the /etc/postfix directory as mentioned in the last link you've provided

Xanios · 08-02-2010, 05:19 AM

Oops, sorry i forgot to put 'sudo'. Too agitated while doing LOL