International-Data-Spaces-Association / IDS-testbed


Errors in CA documentation #105

Open jfernandezsqs opened 1 year ago

jfernandezsqs commented 1 year ago

I have reviewed the IDS-testbed CA specifications and I have encountered one broken link, and found that the section "Creation of a certificate for an existing key pair" is not working.

I have followed these steps:

1) Generate test.crt, test.key, test.p12 and testcrt.pem

openssl req -x509 -newkey rsa:2048 -sha256 -days 2650 -nodes -keyout test.key -out test.crt -subj "/C=ES/ST=Bizkaia/L=Bilbao/O=SQS/CN=test" -addext "subjectAltName=DNS:test"
openssl pkcs12 -export -out test.p12 -inkey test.key -in test.crt
openssl pkcs12 -in test.p12 -out testcrt.pem -clcerts -nokeys

2) Execute the command provided in the documentation to sign the public key

python3 pki.py cert sign --key-file ./data/testcrt.pem --subCA ReferenceTestbedSubCA --common-name "Example" --client --server

This is the error message obtained:

sqs@sqs-VirtualBox:~/Escritorio/IDS-testbed/CertificateAuthority/data$ ls
ca  cert  subca  test.crt  testcrt.pem  test.key  test.p12
sqs@sqs-VirtualBox:~/Escritorio/IDS-testbed/CertificateAuthority/data$ cd ..
sqs@sqs-VirtualBox:~/Escritorio/IDS-testbed/CertificateAuthority$ python3 pki.py cert sign --key-file ./data/testcrt.pem --subCA ReferenceTestbedSubCA --common-name "Example" --client --server
Traceback (most recent call last):

  File "pki.py", line 31, in <module>
    cert.sign(args)
  File "/home/sqs/Escritorio/IDS-testbed/CertificateAuthority/cert.py", line 123, in sign
    device_key = crypto.load_publickey(crypto.FILETYPE_PEM, f.read())
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 2773, in load_publickey
    _raise_current_error()
  File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.crypto.Error: [('PEM routines', 'get_name', 'no start line')]

I have also tried with:

python3 pki.py cert sign --key-file /home/sqs/Escritorio/IDS-testbed/CertificateAuthority/data/testcrt.pem --subCA ReferenceTestbedSubCA --common-name "Example" --client --server

python3 pki.py cert sign --key-file ./data/test.crt --subCA ReferenceTestbedSubCA --common-name "Example" --client --server

python3 pki.py cert sign --key-file ./data/test.key --subCA ReferenceTestbedSubCA --common-name "Example" --client --server

And I have obtained the same error message. Could you please guide me to the correct command so that the local CA can sign the certificates?

davidjovanovic commented 1 year ago

Hello, I'm currently facing the same issue when trying to sign the certificates. Is there any news or perhaps a solution?
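
The traceback above shows cert.py passing the contents of `--key-file` to `crypto.load_publickey`, which reads a PEM block labelled `PUBLIC KEY`; a certificate or private key file has no such block, hence "no start line". The following is an added example, not code from the IDS-testbed project: it classifies a PEM file by its block label and names the openssl command that derives a public key from it. The output file name `test.pub` and the sample inputs are assumptions constructed for the example.

```python
import re

# PEM block framing (RFC 7468): -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s+-----END \1-----", re.S)

# openssl commands that derive a PUBLIC KEY block from each input kind.
# test.crt / test.key follow the issue; test.pub is an assumed output name.
HINTS = {
    "CERTIFICATE": "openssl x509 -in test.crt -pubkey -noout > test.pub",
    "PRIVATE KEY": "openssl pkey -in test.key -pubout -out test.pub",
    "RSA PRIVATE KEY": "openssl pkey -in test.key -pubout -out test.pub",
}

def pem_labels(text):
    """Return the labels of all PEM blocks in text, skipping any preamble
    such as the 'Bag Attributes' lines that `openssl pkcs12` writes."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]

def diagnose(text):
    """Report whether a loader expecting a PEM 'PUBLIC KEY' block would
    find one in text, and if not, how to derive one from what is there."""
    labels = pem_labels(text)
    if "PUBLIC KEY" in labels:
        return ("ok", None)
    for label in labels:
        if label in HINTS:
            return ("wrong-type:" + label, HINTS[label])
    return ("wrong-type:" + labels[0], None) if labels else ("no-pem-block", None)

# Constructed sample inputs: the body is placeholder base64, not a real key.
BODY = "TUlJQ29uc3RydWN0ZWRTYW1wbGU="

def sample_pem(label, preamble=""):
    return f"{preamble}-----BEGIN {label}-----\n{BODY}\n-----END {label}-----\n"

PKCS12_CERT = sample_pem("CERTIFICATE", "Bag Attributes\n    localKeyID: 01 02\n")
PRIVATE_KEY = sample_pem("PRIVATE KEY")
PUBLIC_KEY = sample_pem("PUBLIC KEY")

if __name__ == "__main__":
    for name, sample in [("testcrt.pem", PKCS12_CERT), ("test.key", PRIVATE_KEY), ("test.pub", PUBLIC_KEY)]:
        print(name, diagnose(sample))
```

Only the public half of the key pair needs to reach the CA for signing; the private key file can stay on the requesting host.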