While signing the certificate without mentioning the install name, the following error is received:
vyos@vyos:~$ generate pki certificate sign root_ca Do you already have a certificate request? [y/N] y Paste certificate request and press enter: MIICsjCCAZoCAQAwXDELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUx EjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEVMBMGA1UEAwwMaXBz ZWMtc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSVC5Gro fn5rFPN6GBnKGtJjTi3oXIDHFy86NKEC5EUUyO8B0j9ytdGrib8HTC3QYmP8O4qv +2oM9KwILk+dDOdFH9BzZUOWJ9z7LixBPdoMPMLxgqy5Rgz7pOBJfs9W9WZQJ7px flUntyC1jFpAMLvWEtC3u5cIw6kC6V1b9q6Er6Z2aa5AGg3eoswYTaRyrBf7/0VS GyWvui9EwjaNjvgtxcunRG0X/qJg4RRBCsXyEwsVqeBV1EBCeevk/F849K/cyh9S qMr7o1cSaWTRwO2a9DrXJG8c+wayerJOFVppT9JN5iRhT04VuHyqQrFbPPyGcWBE 0WxeagxAH3G7tQIDAQABoBEwDwYJKoZIhvcNAQkOMQIwADANBgkqhkiG9w0BAQsF AAOCAQEAukqy1h6xeM02w8r5wXxOLW82VFkUzhv8lVh3OCV1fa3fKuLgAVCJqdDq O5BLVbovrhInjU5YJot+Yz85+pbcG4/05GH0rKPJkleuOFads4qSIQFAbiYq1wwr iqTXDU7iLQDGZJvXAw26GuQ/OElqHGrY6Q6Cq4IG9a+bgdfLBOYKKBwKehwQ+Un7 /Ihp+5mhvezt+5cIdDlvYfoSFoxj87p13229ticALidBdnb660ZRqj6hao/VWBPR HAvpWp2C+2w3nMpWYCFv8L/O8WzyGZ0BAbzIYxQfinqYaHZ8bHrfeQWS35g4tM4Y 3TZ5y945oD2+6Zj2VxMAII6HQvrPxw== Enter how many days certificate will be valid: (Default: 365) Enter certificate type: (client, server) (Default: server) server Note: If you plan to use the generated key on this router, do not encrypt the private key. Do you want to encrypt the private key with a passphrase? [y/N] N -----BEGIN CERTIFICATE----- MIIDtjCCAp6gAwIBAgIUJXxea2uiIl/HY+cW4S1wxo0q+mMwDQYJKoZIhvcNAQEL BQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcM CVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHcm9vdF9jYTAeFw0y MTExMjkxMTU3MzVaFw0yMjExMjkxMTU3MzVaMFwxCzAJBgNVBAYTAkdCMRMwEQYD VQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5 T1MxFTATBgNVBAMMDGlwc2VjLXNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAMElQuRq6H5+axTzehgZyhrSY04t6FyAxxcvOjShAuRFFMjvAdI/ crXRq4m/B0wt0GJj/DuKr/tqDPSsCC5PnQznRR/Qc2VDlifc+y4sQT3aDDzC8YKs uUYM+6TgSX7PVvVmUCe6cX5VJ7cgtYxaQDC71hLQt7uXCMOpAuldW/auhK+mdmmu QBoN3qLMGE2kcqwX+/9FUhslr7ovRMI2jY74LcXLp0RtF/6iYOEUQQrF8hMLFang VdRAQnnr5PxfOPSv3MofUqjK+6NXEmlk0cDtmvQ61yRvHPsGsnqyThVaaU/STeYk YU9OFbh8qkKxWzz8hnFgRNFsXmoMQB9xu7UCAwEAAaN1MHMwDAYDVR0TAQH/BAIw ADAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYE FN3dCB5+W4JEIa9YxxqQxXBN7asgMB8GA1UdIwQYMBaAFB/2bDdL/YniFhAWojXz nswT/GvyMA0GCSqGSIb3DQEBCwUAA4IBAQABKi/Hn1SxtFoZmYeDIc64+9wUUg4+ cxzvj/MKePY6Q2RMQurlzUHiK7zZbjJMSibEgWDVVncpCW+bNEJwh/tOab6uwKy7 jMvu1bAdZCKThxpGSIG9yRwSbKaJfOFwGbcZHthAHTlWe1JjU7+HIsfwJSmZl4EV elN6Kk9cTEcOHYmVUKUSBViEtvc07iYLUoL8rapR/mctx8sShg5ZjWFbZnHJHBRu SEESFZbDbTIEax4v9QEWQjsg6umZH6SjH+4BJcl3pP8C9vsAywNH6yCO9MdTVl/Q cOCy3Eqt5ulPbtZmR70HGn0SWh04Whey+/XdFLgb/A2Jc2HMeNwFLl76 -----END CERTIFICATE----- Traceback (most recent call last): File "/usr/libexec/vyos/op_mode/pki.py", line 813, in <module> generate_certificate_sign(args.certificate, args.sign, install=args.install, file=args.file) File "/usr/libexec/vyos/op_mode/pki.py", line 483, in generate_certificate_sign print(encode_private_key(private_key, passphrase=passphrase)) File "/usr/lib/python3/dist-packages/vyos/pki.py", line 84, in encode_private_key return private_key.private_bytes( AttributeError: 'NoneType' object has no attribute 'private_bytes'
Same error received when passphrase provided.
Successful when install name is provided:
vyos@vyos:~$ generate pki certificate sign root_ca install ipsec-server Do you already have a certificate request? [y/N] y Paste certificate request and press enter: MIICsjCCAZoCAQAwXDELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUx EjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEVMBMGA1UEAwwMaXBz ZWMtc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSVC5Gro fn5rFPN6GBnKGtJjTi3oXIDHFy86NKEC5EUUyO8B0j9ytdGrib8HTC3QYmP8O4qv +2oM9KwILk+dDOdFH9BzZUOWJ9z7LixBPdoMPMLxgqy5Rgz7pOBJfs9W9WZQJ7px flUntyC1jFpAMLvWEtC3u5cIw6kC6V1b9q6Er6Z2aa5AGg3eoswYTaRyrBf7/0VS GyWvui9EwjaNjvgtxcunRG0X/qJg4RRBCsXyEwsVqeBV1EBCeevk/F849K/cyh9S qMr7o1cSaWTRwO2a9DrXJG8c+wayerJOFVppT9JN5iRhT04VuHyqQrFbPPyGcWBE 0WxeagxAH3G7tQIDAQABoBEwDwYJKoZIhvcNAQkOMQIwADANBgkqhkiG9w0BAQsF AAOCAQEAukqy1h6xeM02w8r5wXxOLW82VFkUzhv8lVh3OCV1fa3fKuLgAVCJqdDq O5BLVbovrhInjU5YJot+Yz85+pbcG4/05GH0rKPJkleuOFads4qSIQFAbiYq1wwr iqTXDU7iLQDGZJvXAw26GuQ/OElqHGrY6Q6Cq4IG9a+bgdfLBOYKKBwKehwQ+Un7 /Ihp+5mhvezt+5cIdDlvYfoSFoxj87p13229ticALidBdnb660ZRqj6hao/VWBPR HAvpWp2C+2w3nMpWYCFv8L/O8WzyGZ0BAbzIYxQfinqYaHZ8bHrfeQWS35g4tM4Y 3TZ5y945oD2+6Zj2VxMAII6HQvrPxw== Enter how many days certificate will be valid: (Default: 365) Enter certificate type: (client, server) (Default: server) server Note: If you plan to use the generated key on this router, do not encrypt the private key. Do you want to encrypt the private key with a passphrase? [y/N] N You are not in configure mode, commands to install manually from configure mode: set pki certificate ipsec-server certificate 'MIIDtjCCAp6gAwIBAgIURNhTCUy/r9g/UihWEffEGzFlPV8wDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHcm9vdF9jYTAeFw0yMTExMjkxMTU1NTVaFw0yMjExMjkxMTU1NTVaMFwxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxFTATBgNVBAMMDGlwc2VjLXNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMElQuRq6H5+axTzehgZyhrSY04t6FyAxxcvOjShAuRFFMjvAdI/crXRq4m/B0wt0GJj/DuKr/tqDPSsCC5PnQznRR/Qc2VDlifc+y4sQT3aDDzC8YKsuUYM+6TgSX7PVvVmUCe6cX5VJ7cgtYxaQDC71hLQt7uXCMOpAuldW/auhK+mdmmuQBoN3qLMGE2kcqwX+/9FUhslr7ovRMI2jY74LcXLp0RtF/6iYOEUQQrF8hMLFangVdRAQnnr5PxfOPSv3MofUqjK+6NXEmlk0cDtmvQ61yRvHPsGsnqyThVaaU/STeYkYU9OFbh8qkKxWzz8hnFgRNFsXmoMQB9xu7UCAwEAAaN1MHMwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFN3dCB5+W4JEIa9YxxqQxXBN7asgMB8GA1UdIwQYMBaAFB/2bDdL/YniFhAWojXznswT/GvyMA0GCSqGSIb3DQEBCwUAA4IBAQAAsTpou/J+ldjOA23mJuiINaD989B/ve1nCglPnxZEtOjlZDab8ECTKi5TKChIljT4D5MVPiRhxSzDQi5fjb04D9pzAclxeizFAv3Ev6sfY+FDT4ZZzlepEOgCdslZPfA2gctgl7TogBwdqos5fbbDcBxQLgJs/3NZe5YMJpeSPG+qacpm4HXJnH0seDG9BS8iFxjm0IzC7O0czQBwNEfWSl/+mN9s9Tm62uS7cB/ehjLzIA28O3MySzGd+k/GrxhTwEE80BuzQcC23BCSHUseMeYr+qFiNXPCXJqwGaWNtW29G0XUGQW82jOaXykPBxPBeUOXC2oZ3b5q8HRtm7QE'