falcosecurity / falco-website

Source code of the official Falco website
https://falco.org
Creative Commons Attribution 4.0 International
35 stars 222 forks source link

Unable to Generate valid Client Key/Cert on Ubuntu 18.04 #326

Closed Rajakavitha1 closed 3 years ago

Rajakavitha1 commented 3 years ago

What happened: I followed the instructions at https://falco.org/docs/grpc/#certificates on Ubuntu 18.04 where Falco is installed. I was able to Generate valid Server Key/Cert.

I then tried to Generate valid Client Key/Cert on another Ubuntu 18.04 client.

What you expected to happen:

```
Signature ok
subject=C = SP, ST = Italy, L = Ornavasso, O = Test, OU = Client, CN = localhost
Getting CA Private Key
```

How to reproduce it (as minimally and precisely as possible): On Ubuntu 18.04 try the steps documented for Generate valid Client Key/Cert

Anything else we need to know?:

As you can see in the terminal output, we do run into an error when generating the client key; however, when you comment out the `RANDFILE = $ENV::HOME/.rnd` line in /etc/ssl/openssl.cnf, it works. However, the ca.crt key does not get generated.


```
Generating RSA private key, 4096 bit long modulus (2 primes)
........................................................................................................++++
............................................................................................++++
e is 65537 (0x010001)
root@client:/tmp# openssl req -passin pass:1234 -new -key client.key -out client.csr -subj  "/C=SP/ST=Italy/L=Ornavasso/O=Test/OU=Client/CN=localhost"
Can't load /root/.rnd into RNG
139812046795200:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
root@client:/tmp# nano /etc/ssl/openssl.cnf
root@client:/tmp# openssl req -passin pass:1234 -new -key client.key -out client.csr -subj  "/C=SP/ST=Italy/L=Ornavasso/O=Test/OU=Client/CN=localhost"
root@client:/tmp# openssl x509 -passin pass:1234 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
Signature ok
subject=C = SP, ST = Italy, L = Ornavasso, O = Test, OU = Client, CN = localhost
Can't open ca.crt for reading, No such file or directory
140055815455168:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:72:fopen('ca.crt','r')
140055815455168:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:79:
unable to load certificate
root@client:/tmp#
```
Rajakavitha1 commented 3 years ago

Closing the issue because ca.crt was not copied.
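In the output above, `Signature ok` only confirms the CSR's self-signature; the run failed afterwards when `ca.crt` could not be opened. The following is an added example, not part of the issue or the Falco documentation: a preflight wrapper around the same `openssl x509 -req` call that checks the inputs first and verifies the result. The function name `sign_client_csr`, its return codes and the `CA_PASS` environment variable are assumptions of this sketch; the file names are the ones used in the issue.

```shell
# Added example. Assumes CA_PASS is exported and holds the CA key passphrase,
# so the passphrase is read from the environment rather than from argv.
#
# sign_client_csr DIR
# Returns: 0 signed and verified        2 an input file is missing
#          3 CA cert/key unreadable or not a matching pair
#          4 signing failed             5 client.crt does not chain to ca.crt
sign_client_csr() {
  local dir f cert_pub key_pub
  dir=$1

  # 1. Every input must be present before openssl runs; a missing ca.crt is
  #    reported here instead of after a misleading "Signature ok".
  for f in ca.crt ca.key client.csr; do
    if [ ! -r "$dir/$f" ]; then
      echo "missing input: $dir/$f" >&2
      return 2
    fi
  done

  # 2. ca.key must be the private key behind ca.crt: compare public keys.
  cert_pub=$(openssl x509 -in "$dir/ca.crt" -noout -pubkey) || return 3
  key_pub=$(openssl pkey -in "$dir/ca.key" -passin env:CA_PASS -pubout) || return 3
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "ca.key does not match ca.crt" >&2
    return 3
  fi

  # 3. Sign the CSR with the same options as in the issue.
  openssl x509 -req -days 365 -in "$dir/client.csr" \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -passin env:CA_PASS \
    -set_serial 01 -out "$dir/client.crt" || return 4

  # 4. Confirm the issued certificate chains to the CA before shipping it.
  openssl verify -CAfile "$dir/ca.crt" "$dir/client.crt" >/dev/null 2>&1 || return 5
}
```

Running this on the host that holds `ca.key` means only `client.csr` has to travel there, and only `ca.crt` and `client.crt` have to travel back to the gRPC client.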