Creating your own Root CA with OpenSSL on Windows, and
tls - Revoke a certificate without index.txt - Information The openssl command-line tool can maintain such a list for you: that's the index.txt file, as maintained by the openssl ca command-line option. If you don't use it, then you will have to maintain the information yourself, which is, at best, cumbersome. OpenSSL - OpenSSL "ca" Error "unable to open ./demoCA C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe OpenSSL> ca -in test.csr -keyfile my_ca.key -cert my_ca.crt Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg Enter pass phrase for my_ca.key:fyicenter ./demoCA/index.txt: No such file or directory unable to open './demoCA/index.txt' 9632:error:02001002:system library:fopen Odd error while using openssl - Server Fault openssl ca doesn't just use the database index file (which you have correctly set to be index.txt) but als a database attribute file. This is always in the same place as the index file and its name is that of the index suffixed with .attr.This attribute file (which is not really documented, as far as I know) holds only one information: The configuration line How to revoke an openssl certificate when you don't have
Nov 13, 2013
openssl ca -- sample minimal CA application
Using OpenSSL and pfSense to sign a Subordinate Windows
Jan 19, 2015 x509 - OpenSSL as a CA without touching the certs/crl I think you might get better responses if you specified your minimum requirements, i.e. would you be satisfied with any solution that given a CA certificate and key can sign a client certificate or does it have to use openssl ca? (Not that I know any better answer offhand) – user786653 Oct 18 '11 at 15:41