OpenSSL 制作证书时出现的错误的解决办法

在制作证书的过程中遇到的问题及解决办法：

 

出现：I am unable to access the ./demoCA/newcerts directory
       ./demoCA/newcerts:Nosuch file or directory
  解决：修改openssl.cnf
  在42行：dir = ./demoCA修改为 dir = ./

 

出现：failed to update database
         TXT_DB error number 2
  解决：修改index.txt.attr
  将unique_subject = yes修改为 unique_subject = no

 

附上详细制作过程：

//把openssl安装目录下的misc拷贝到用户目录下
cd
mkdir sslca
cd sslca
sudo cp /usr/local/ssl/ssl/misc -r ./
sudo cp /usr/local/ssl/ssl/openssl.cnf ./misc
Cd misc
CA.sh –newca
//产生一个demoCA文件夹
cd demoCA
//复制安装目录下面的openssl.cnf文件到demoCA下
sudo cp /usr/local/ssl/ssl/openssl.cnf ./
//产生CA自签名证书
openssl genrsa -out ./private/ca.key -rand ./private/.rnd -des 2048
openssl req -new -x509 -days 3650 -key ./private/ca.key -out ./private/ca.crt -config openssl.cnf
openssl x509 -in ./private/ca.crt -noout -text
//产生server的证书过程
openssl genrsa -out ./private/server.key 1024
openssl req -new -key ./private/server.key -out ./newcerts/server.csr -config openssl.cnf
//这一步如果产生错误，请看后面的解决方法
openssl ca -in ./newcerts/server.csr -cert ./private/ca.crt -keyfile ./private/ca.key -config openssl.cnf -policy policy_anything -out ./certs/server.crt
openssl x509 -in ./certs/server.crt -noout -text
//产生proxy的证书过程
openssl genrsa -out ./private/proxy.key 1024
//这步要是产生错误，请看后面的解决方法
openssl req -new -key ./private/proxy.key -out ./newcerts/proxy.csr -config openssl.cnf
openssl ca -in ./newcerts/proxy.csr -cert ./private/ca.crt -keyfile./private/ca.key -config openssl.cnf -policy policy_anything -out ./certs/proxy.crt
openssl x509 -in ./certs/proxy.crt -noout -text
//产生client的证书过程
openssl genrsa -out ./private/client.key 1024
openssl req -new -key ./private/client.key -out ./newcerts/client.csr -config openssl.cnf
openssl ca -in ./newcerts/client.csr -cert ./private/ca.crt -keyfile ./private/ca.key -config openssl.cnf -policy policy_anything -out ./certs/client.crt
openssl x509 -in ./certs/client.crt -noout -text