@rrooggiieerr i tried it again and realised that the folder is not empty. I just cant see the files by the gui in the folder because of missing rights. But with ls
i can see the files… So this is my output. But it is not working for me. Can you recognise some mistakes?
pi@raspberrypi:~ $ sudo su -
root@raspberrypi:~# cd /etc/ssl/
root@raspberrypi:/etc/ssl# openssl genrsa -des3 -out private/my_pimatic_CA.key 4096
Generating RSA private key, 4096 bit long modulus
............................................................++
.............................................................++
e is 65537 (0x10001)
Enter pass phrase for private/my_pimatic_CA.key:
Verifying - Enter pass phrase for private/my_pimatic_CA.key:
root@raspberrypi:/etc/ssl# cd ./private/
root@raspberrypi:/etc/ssl/private# ls
client.key my_pimatic_CA.key
root@raspberrypi:/etc/ssl/private# cd /etc/ssl/
root@raspberrypi:/etc/ssl# openssl req -new -x509 -days 3650 -key private/my_pimatic_CA.key -out certs/my_pimatic_CA.crt
Enter pass phrase for private/my_pimatic_CA.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:XXXXXX
Organization Name (eg, company) [Internet Widgits Pty Ltd]:XXXXXX
Organizational Unit Name (eg, section) []:Pimatic
Common Name (e.g. server FQDN or YOUR name) []:XXXXXX.ddns.net
Email Address []:.
root@raspberrypi:/etc/ssl# openssl genrsa -des3 -out private/client.key 4096
Generating RSA private key, 4096 bit long modulus
.......................++
...........++
e is 65537 (0x10001)
Enter pass phrase for private/client.key:
Verifying - Enter pass phrase for private/client.key:
root@raspberrypi:/etc/ssl# openssl req -new -key private/client.key -out client.csr
Enter pass phrase for private/client.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:XXXXXX
Organization Name (eg, company) [Internet Widgits Pty Ltd]:XXXXXX
Organizational Unit Name (eg, section) []:Pimatic
Common Name (e.g. server FQDN or YOUR name) []:XXXXXX.ddns.net
Email Address []:.
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
root@raspberrypi:/etc/ssl# ls
certs client.csr openssl.cnf private
root@raspberrypi:/etc/ssl# openssl x509 -req -days 3650 -in client.csr -CA certs/my_pimatic_CA.crt -CAkey private/my_pimatic_CA.key -set_serial 01 -out certs/client.crt
Signature ok
subject=/C=DE/L=XXXXXX/O=XXXXXX/OU=Pimatic/CN=XXXXXX.ddns.net
Getting CA Private Key
Enter pass phrase for private/my_pimatic_CA.key:
root@raspberrypi:/etc/ssl# openssl pkcs12 -export -clcerts -in certs/client.crt -inkey private/client.key -out client.p12
Enter pass phrase for private/client.key:
Enter Export Password:
Verifying - Enter Export Password:
root@raspberrypi:/etc/ssl# ls
certs client.csr client.p12 openssl.cnf private
root@raspberrypi:/etc/ssl# exit
Abgemeldet
missing right to open private folder
pi@raspberrypi:~ $ cd /etc/ssl/private/
bash: cd: /etc/ssl/private/: Keine Berechtigung
And just one last info. I changed the file /etc/nginx/sites-available/default
because the default file in sites-enabled is a linked file of the one in sites-available. Is that okay?