<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
p.xmsonormal, li.xmsonormal, div.xmsonormal
        {mso-style-name:x_msonormal;
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.EmailStyle19
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Hi Sergio <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Thanks a lot <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>My goal is to achieve a SAMBA auth using PKi ( as per ref here : <a href="https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login">https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login</a> ) <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>More specifically, related then to openSSL, this chapter<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><a href="https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login#Prerequisites">https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login#Prerequisites</a><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>sounds achievable for you ? <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Thanks a lot<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Lionel<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Sergio NNX [mailto:sfhacker@hotmail.com] <br><b>Sent:</b> 18 March 2020 23:13<br><b>To:</b> Lionel Monchecourt; openssl-users@openssl.org<br><b>Subject:</b> Re: Issue generating certificate for a Samba AD - index.txt<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif";color:black'>We have been creating certificates (Root CA, intermediate, end user, smartcard login, etc) for ages.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif";color:black'>We have set up our own PKI infrastructure using openssl command line tool.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif";color:black'>If you email us the details/extensions you need your certificates to have, we can generate some test certs for you.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif";color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif";color:black'>How familiar are you with OpenSSL?<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif";color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif";color:black'>Regards.<o:p></o:p></span></p></div><div><div><p class=MsoNormal><span style='font-family:"Calibri","sans-serif";color:black'><o:p> </o:p></span></p></div><div class=MsoNormal align=center style='text-align:center'><hr size=2 width="98%" align=center></div><div id=divRplyFwdMsg><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:black'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:black'> openssl-users <openssl-users-bounces@openssl.org> on behalf of Lionel Monchecourt <lionel.monchecourt@free.fr><br><b>Sent:</b> Thursday, 19 March 2020 8:27 AM<br><b>To:</b> openssl-users@openssl.org <openssl-users@openssl.org><br><b>Subject:</b> Issue generating certificate for a Samba AD - index.txt</span> <o:p></o:p></p><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=xmsonormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Hi , trying to generate a certify using <o:p></o:p></span></p><p class=xmsonormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p><p class=xmsonormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>openssl copenssl ca -config /etc/ssl/user-openssl.cnf -in dc-req.pem -out dc-cert.pem<o:p></o:p></span></p><p class=xmsonormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p><p class=xmsonormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>I get the following : <o:p></o:p></span></p><p class=xmsonormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p><p class=xmsonormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Using configuration from /etc/ssl/user-openssl.cnf<o:p></o:p></span></p><p class=xmsonormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Enter pass phrase for ./private/cakey.pem:<o:p></o:p></span></p><p class=xmsonormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>139946396877888:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('./index.txt','r')<o:p></o:p></span></p><p class=xmsonormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>139946396877888:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:<o:p></o:p></span></p><p class=xmsonormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p><p class=xmsonormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>I found a post saying that you just need to create the index.txt file,but it leads to “no result “<o:p></o:p></span></p><p class=xmsonormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Another post was saying to insert  in the file “unique_subject = no” <o:p></o:p></span></p><p class=xmsonormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Nothing at all ( putting yes or no ), as attempts…<o:p></o:p></span></p><p class=xmsonormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Any insights ? <o:p></o:p></span></p><p class=xmsonormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Thx<o:p></o:p></span></p><p class=xmsonormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p></div><div id="x_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><p class=MsoNormal><o:p> </o:p></p><table class=MsoNormalTable border=1 cellpadding=0 style='border:none;border-top:solid #D3D4DE 1.0pt'><tr><td width=55 style='width:41.25pt;border:none;padding:9.75pt .75pt .75pt .75pt'><p class=MsoNormal><a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" target="_blank"><span style='text-decoration:none'><img border=0 width=46 height=29 id="_x0000_i1026" src="https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif"></span></a><o:p></o:p></p></td><td width=470 style='width:352.5pt;border:none;padding:9.0pt .75pt .75pt .75pt'><p class=MsoNormal style='line-height:13.5pt'><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#41424E'>Virus-free. <a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" target="_blank"><span style='color:#4453EA'>www.avast.com</span></a> <o:p></o:p></span></p></td></tr></table><p class=MsoNormal><o:p> </o:p></p></div></div></div></div></body></html>