OpenSSL and error in reading openssl.conf file

Posted 2019-01-02 17:21

I am running Windows XP 32-bit.

I just downloaded OpenSSL from the following URL and installed it: http://www.slproweb.com/products/Win32OpenSSL.html

Then I tried to create a self-signed certificate by using the following command:

openssl req -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem

Then it started giving the following error:

Unable to load config info from /usr/local/ssl/openssl.cnf

Then, after googling for some time, I changed the above command to:

openssl req -config C:\OpenSSL\bin\openssl.conf -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem

But now I get the following error in the command prompt:

error on line -1 of C:\OpenSSL\bin\openssl.conf
4220:error:02001002:system library:fopen:No such file or directory:.\crypto\bio\bss_file.c:126:fopen('C:\OpenSSL\bin\openssl.conf','rb')
4220:error:2006D080:BIO routines:BIO_new_file:no such file:.\crypto\bio\bss_file.c:129:
4220:error:0E078072:configuration file routines:DEF_LOAD:no such file:.\crypto\conf\conf_def.c:197:

Please help. Thanks in advance.

13 answers
残风、尘缘若梦
#2 · 2019-01-02 17:48

https://github.com/xgqfrms-gildata/App001/issues/3

  1. First, make sure you have an openssl.cnf file in the right path;
  2. If you can't find it, just download one and copy it to your setting path.
$ echo %OPENSSL_CONF%

$ set OPENSSL_CONF=C:\OpenSSL\bin\openssl.cnf
素衣白纱
#3 · 2019-01-02 17:52

If you are seeing an error something like

error on line -1 c:apacheconfopenssl.cnf

try changing from back slash to front slash in the -config.

忆尘夕之涩
#4 · 2019-01-02 18:00

Just create an openssl.cnf file yourself like this in step 4: http://www.flatmtn.com/article/setting-openssl-create-certificates

Edit after link stopped working: The content of the openssl.cnf file was the following:

#
# OpenSSL configuration file.
#

# Establish working directory.

dir                 = .

[ ca ]
default_ca              = CA_default

[ CA_default ]
serial                  = $dir/serial
database                = $dir/certindex.txt
new_certs_dir               = $dir/certs
certificate             = $dir/cacert.pem
private_key             = $dir/private/cakey.pem
default_days                = 365
default_md              = md5
preserve                = no
email_in_dn             = no
nameopt                 = default_ca
certopt                 = default_ca
policy                  = policy_match

[ policy_match ]
countryName             = match
stateOrProvinceName         = match
organizationName            = match
organizationalUnitName          = optional
commonName              = supplied
emailAddress                = optional

[ req ]
default_bits                = 1024          # Size of keys
default_keyfile             = key.pem       # name of generated keys
default_md              = md5               # message digest algorithm
string_mask             = nombstr       # permitted characters
distinguished_name          = req_distinguished_name
req_extensions              = v3_req

[ req_distinguished_name ]
# Variable name             Prompt string
#-------------------------    ----------------------------------
0.organizationName          = Organization Name (company)
organizationalUnitName          = Organizational Unit Name (department, division)
emailAddress                = Email Address
emailAddress_max            = 40
localityName                = Locality Name (city, district)
stateOrProvinceName         = State or Province Name (full name)
countryName             = Country Name (2 letter code)
countryName_min             = 2
countryName_max             = 2
commonName              = Common Name (hostname, IP, or your name)
commonName_max              = 64

# Default values for the above, for consistency and less typing.
# Variable name             Value
#------------------------     ------------------------------
0.organizationName_default      = My Company
localityName_default            = My Town
stateOrProvinceName_default     = State or Providence
countryName_default         = US

[ v3_ca ]
basicConstraints            = CA:TRUE
subjectKeyIdentifier            = hash
authorityKeyIdentifier          = keyid:always,issuer:always

[ v3_req ]
basicConstraints            = CA:FALSE
subjectKeyIdentifier            = hash

You can still find the page using the Wayback Machine: https://web.archive.org/web/20171108102046/http://www.flatmtn.com/article/setting-openssl-create-certificates

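The file quoted in the answer above sets default_md = md5 and default_bits = 1024. As an added example (not part of the answer or of the linked page), this Python check flags those two defaults in an openssl.cnf; the function name and thresholds are assumptions, and the sample is a constructed excerpt that reuses the answer's values.

```python
import re

WEAK_DIGESTS = {"md2", "md4", "md5", "sha1"}   # assumed deny-list
MIN_RSA_BITS = 2048                            # assumed minimum key size

def lint_openssl_cnf(text):
    """Return (section, key, value, problem) tuples for weak defaults."""
    findings = []
    section = "default"
    for raw in text.splitlines():
        # Simplification: treat everything after '#' as a comment.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            section = header.group(1)
            continue
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "default_md" and value.lower() in WEAK_DIGESTS:
            findings.append((section, key, value, "weak digest, use sha256"))
        elif key == "default_bits" and value.isdigit() and int(value) < MIN_RSA_BITS:
            findings.append((section, key, value, "RSA key below 2048 bits"))
    return findings

# Constructed excerpt using the values from the file quoted above.
SAMPLE = """\
[ CA_default ]
default_days = 365
default_md   = md5

[ req ]
default_bits = 1024   # Size of keys
default_md   = md5    # message digest algorithm
"""

if __name__ == "__main__":
    for section, key, value, problem in lint_openssl_cnf(SAMPLE):
        print(f"[{section}] {key} = {value}: {problem}")
```

Setting both values to sha256 and 2048 clears the findings. A key size given on the command line, as in -newkey rsa:1024, takes precedence over default_bits.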
低头抚发
#5 · 2019-01-02 18:01

If the openssl installation was successful, search for "OPENSSL" in the C drive to locate the config file and set the path.

set OPENSSL_CONF=<location where cnf is available>/openssl.cnf

It worked out for me.

旧人旧事旧时光
#6 · 2019-01-02 18:01

The problem here is that there ISN'T an openssl.cnf file given with the GnuWin32 openssl stuff. You have to create it. You can find out HOW to create an openssl.cnf file by going here:

http://www.flatmtn.com/article/setting-ssl-certificates-apache

Where it lays it all out for you on how to do it.

PLEASE NOTE: The openssl command given with the backslash at the end is for UNIX. For Windows: 1) Remove the backslash, and 2) Move the second line up so it is at the end of the first line. (So you get just one command.)

ALSO: It is VERY important to read through the comments. There are some changes you might want to make based upon them.

查无此人
#7 · 2019-01-02 18:01

Run the command as administrator and copy the config file to somewhere where you have read rights and specify the path with the -config parameter.

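Added example, not from any of the answers: a simplified Python model of the lookup the answers rely on, where -config overrides OPENSSL_CONF, which overrides the path compiled into the binary, plus a check for a file with the same base name and a different extension (the question passes openssl.conf while the answers refer to openssl.cnf). The function names are hypothetical and the directory layout is constructed.

```python
import os
import tempfile

# Path taken from the first error message in the question.
COMPILED_DEFAULT = "/usr/local/ssl/openssl.cnf"

def resolve_openssl_conf(cli_config=None, env=None, default=COMPILED_DEFAULT):
    """Return (path, source) for the file `openssl req` will try to load.

    Precedence: -config, then OPENSSL_CONF, then the compiled-in default.
    """
    env = os.environ if env is None else env
    if cli_config:
        return cli_config, "-config"
    if env.get("OPENSSL_CONF"):
        return env["OPENSSL_CONF"], "OPENSSL_CONF"
    return default, "compiled-in default"

def diagnose(path):
    """Return (status, near_misses) for a config path that fails to load."""
    if os.path.isfile(path):
        return "ok", []
    folder, name = os.path.split(path)
    stem = os.path.splitext(name)[0].lower()
    try:
        siblings = sorted(os.listdir(folder or "."))
    except OSError:
        return "directory missing", []
    # Same base name, different extension: e.g. openssl.cnf vs openssl.conf.
    near = [s for s in siblings
            if s != name and os.path.splitext(s)[0].lower() == stem]
    return "file missing", near

def demo():
    """Constructed layout: the folder holds openssl.cnf, -config names openssl.conf."""
    with tempfile.TemporaryDirectory() as d:
        real = os.path.join(d, "openssl.cnf")
        open(real, "w").close()
        asked, source = resolve_openssl_conf(
            cli_config=os.path.join(d, "openssl.conf"),
            env={"OPENSSL_CONF": real})
        return source, diagnose(asked)

if __name__ == "__main__":
    print(demo())
```

On a real installation, `openssl version -d` prints the OPENSSLDIR that the compiled-in default is built from.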