Lab - SSL & TLS Basics Q11 CSR Fails

hi @Ayman / @vijin.palazhi / @mmumshad

In Lab - SSL & TLS Basics Q11 there is a task to create a CSR request. I tried to follow exactly the same instructions as in the hints, but I still get an error.

I deleted the .csr file and repeated the whole process, but the checks still do not pass. Can you please review and revert with what is missing? What is the mistake below?

===========================================================================

On app01 create a CSR (certificate signing request) /etc/httpd/csr/app01.csr (key name should be app01.key). Below are the required details which should be used while creating CSR.

a. Country Name = SG
b. State or Province Name = Capital Tower
c. Locality Name = CT
d. Organization Name = KodeKloud
e. Organizational Unit Name = Education
f. Common Name = app01.com
g. Email Address = [email protected]
h. Keep challenge password blank.
i. Keep optional company name blank.

=======================================================================

tline Hint

cd into /etc/httpd/csr directory and run command openssl req -new -newkey rsa:2048 -nodes -keyout app01.key -out app01.csr

==========================================================================


tc/httpd/csr
[thor@app01 csr]$ 
[thor@app01 csr]$ openssl req -new -newkey rsa:2048 -nodes -keyout app01.key -out app01.csr
Generating a 2048 bit RSA private key
.....................................+++
....................................................................+++
writing new private key to 'app01.key'
app01.key: Permission denied
140110634317712:error:0200100D:system library:fopen:Permission denied:bss_file.c:402:fopen('app01.key','w')
140110634317712:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
[thor@app01 csr]$ 
[thor@app01 csr]$ sudo openssl req -new -newkey rsa:2048 -nodes -keyout app01.key -out app01.csr
Generating a 2048 bit RSA private key
...........................................................................................................+++
.........+++
writing new private key to 'app01.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:SG
State or Province Name (full name) []:Capital Tower
Locality Name (eg, city) [Default City]:CT
Organization Name (eg, company) [Default Company Ltd]:KodeKloud
Organizational Unit Name (eg, section) []:Education
Common Name (eg, your name or your server's hostname) []:app01.com
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[thor@app01 csr]$ 
[thor@app01 csr]$ pwd
/etc/httpd/csr
[thor@app01 csr]$ 
[thor@app01 csr]$ history
    1  clear
    2  sudo yum update -y
    3  clear
    4  cat ~/.ssh/authorized_keys 
    5  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9Ohm5n2zHuKzFnef1HmIO766U7h9pm69AxzJnwwyoUJ5orAkNURLyz7NoUqvKg3zR1e/2cEVqH/3OkgzKMKxsigfp2OHLZZ34H2qE9BaTz6q5jRQVPwYjnd1FmZt+Ej0oHpyN0gOX9kJeGPd9sfta1H+uKbCdO2PP8QnESJeGG7IbgWAjc86qNuF01scSEnjJNTNhLYD/22WRVT2HBASH0BB9lVLFAYV2lw4xFWe6LDNTMKwEV0cqK7o4tIMZbVOp6kLA2pkWPAfG8XZDgUYvkFHDVfh8fikFW+ExtRwqvkqz+J9cyq/di/1eqJLexW1ftJkePtu3Co4fiK9gvSIZ thor@jump_host.stratos.xfusioncorp.com
    6  vi ~/.ssh/authorized_keys 
    7  ssh-copy-id -i ~/.ssh/mykey.pub thor@app01
    8  sudo ssh-copy-id -i ~/.ssh/mykey.pub thor@app01
    9  clear
   10  sudo yum update -y
   11  sudo yum upgrade -y
   12  sudo yum install openssl
   13  sudo yum upgrade -y
   14  sudo yum update -y
   15  clear
   16  cat /etc/httpd/csr/app01.csr
   17  ls -al /etc/httpd/csr
   18  cd /etc/httpd/csr
   19  openssl req -new -newkey rsa:2048 -nodes -keyout app01.key -out app01.csr
   20  sudo openssl req -new -newkey rsa:2048 -nodes -keyout app01.key -out app01.csr
   21  pwd
   22  ls -al
   23  rm *
   24  sudo rm *
   25  ls -al
   26  clear
   27  pwd
   28  openssl req -new -newkey rsa:2048 -nodes -keyout app01.key -out app01.csr
   29  sudo openssl req -new -newkey rsa:2048 -nodes -keyout app01.key -out app01.csr
   30  pwd
   31  history
[thor@app01 csr]$ 
[thor@app01 csr]$ pwd
/etc/httpd/csr
[thor@app01 csr]$ 
[thor@app01 csr]$ date
Thu Jan 28 17:38:28 UTC 2021
[thor@app01 csr]$ 
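
A non-interactive form of the CSR step from the task above, with checks that the result is what was asked for. This is an added example, not part of the original post or the lab's own tooling. The function names are hypothetical, and the e-mail address is a constructed placeholder because the real one is obfuscated on the page.

```bash
#!/usr/bin/env bash
# Added example: build the lab's CSR without prompts, then verify it.
# The emailAddress value is a constructed placeholder, not the lab's address.
SUBJ='/C=SG/ST=Capital Tower/L=CT/O=KodeKloud/OU=Education/CN=app01.com/emailAddress=admin@example.com'

# make_csr DIR: write DIR/app01.key and DIR/app01.csr.
# -nodes leaves the private key unencrypted, so it is created under a
# restrictive umask to keep it readable by its owner only.
make_csr() {
    local dir=$1
    (
        umask 077
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$dir/app01.key" -out "$dir/app01.csr" \
            -subj "$SUBJ" 2>/dev/null
    )
}

# csr_ok DIR: succeed only if the CSR's self-signature verifies.
# The message is matched because the exit status of -verify differs
# between OpenSSL versions.
csr_ok() {
    openssl req -in "$1/app01.csr" -noout -verify 2>&1 | grep -q 'verify OK'
}

# csr_subject DIR: print the subject in RFC 2253 form (no spaces around '=').
csr_subject() {
    openssl req -in "$1/app01.csr" -noout -subject -nameopt RFC2253
}

# key_matches_csr DIR: succeed only if the CSR carries the public half
# of DIR/app01.key (catches a stale key left over from an earlier attempt).
key_matches_csr() {
    local from_key from_csr
    from_key=$(openssl pkey -in "$1/app01.key" -pubout 2>/dev/null)
    from_csr=$(openssl req -in "$1/app01.csr" -noout -pubkey 2>/dev/null)
    [ -n "$from_key" ] && [ "$from_key" = "$from_csr" ]
}

# key_mode DIR: print the octal permissions of the private key (GNU stat).
key_mode() {
    stat -c '%a' "$1/app01.key"
}
```

In the lab, `/etc/httpd/csr` is not writable by `thor` (the `Permission denied` in the first attempt above), so the functions would have to run from a root shell or a script started with `sudo`.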


Thanks for pointing out… We will check this…

I have checked and could see that the validation is getting passed… Could you please provide the screenshot of the error so that we can check…