Get CA key error: permission denied

[kacpekwasny]

I am following the instructions step by step, I am on Windows 10:

$ git clone https://github.com/square/certstrap  
$ cd certstrap
$ go build 
$ ./certstrap.exe init --common-name CertAuth
$ ./certstrap.exe request-cert --common-name Alice
$ ./certstrap.exe sign Alice --CA CertAuth
Enter passphrase for CA key (empty for no passphrase): [all passwords are empty]
Get CA key error:  permission denied

I am on windows in powershell. I also tried this fully on WSL debian but with following error: Get certificate request error: permission denied

[kacpekwasny]

Did this on a VPS running debian and it worked. I don't know if this is a reason to close this issue as it isn't really fixed.

[ekremparlak]

Same error happening to me on Debian 11 but i am using binary from release page.

EDIT: same error when building with master branch

[jdtw]

I can't repro on Mac OS master branch. What are the permissions for the key and CSR files?

[aperez456-nobody]

I think the issue has to do with the version of go you are using to build. I tried to build project with go version 1.16.7, then I tried the precompiled binary and was able to resolve this. https://github.com/square/certstrap/releases/tag/v1.2.0

[isemaya-square]

I also built the project with go version 1.16.7, and used https://github.com/square/certstrap/releases/tag/v1.2.0 and was able to sign.

[isemaya-square]

I was also able to built the project with go version 1.18.1 (latest version), and used https://github.com/square/certstrap/releases/tag/v1.2.0 and was able to sign.

[isemaya-square]

Hi kacpekwasny. Thanks again for for flagging this. The issue should be fixed in https://github.com/square/certstrap/pull/155 - can you try cloning the latest version of certstrap in windows and running the steps again?