Error opening CA private key on Ubuntu

Question

I am trying to create a self-signed certificate using OpenSSL on Ubuntu 14.04. When I enter the command openssl ca -in tempreq.pem -out server_crt.pem, I get the following error:

Using configuration from /root/myCA/caconfig.cnf  
**Error opening CA private key** ~/myCA/private/cakey.pem  
139754719667872:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('~/myCA/private/cakey.pem','r')  
139754719667872:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:  
unable to load CA private key

I have already verified that nano ~/myCA/private/cakey.pem command opens the cakey.pem file, and that the read permission for this file is enabled.

Any help will be appreciated. Thanks!

Answer 1

You seem to be running as root, check that you haven't accidentally followed the instructions on the ubuntu.com OpenSSL article too literally and set the dir param in /root/myCA/caconfig.cnf to /home/root/myCA.

This as the root home dir differs from all other home directories by residing in the top folder. So if you have set it to /home/root/myCA, that is not valid, you have to change it to /root/myCA.

Edit (as this was the problem):

Using "~" in the configuration might not work as it might not be expanded properly by openssl. If you are, try use absolute paths instead.