Problem
You’ve downloaded OpenSSL and have began the process of generating a new CSR to submit to a Certificate authority but notice that executing the following command:
req -new -newkey rsa:2048 -nodes -keyout mykey.pem -out myreq.pem
… generates the following error:
C:\OpenSSL-Win64\bin>openssl.exe
OpenSSL> req -new -newkey rsa:2048 -nodes -keyout mykey.pem -out myreq.pem
Can't open C:\Program Files\Common Files\SSL/openssl.cnf for reading, No such file or directory
13536:error:02001003:system library:fopen:No such process:crypto\bio\bss_file.c:74:fopen('C:\Program Files\Common Files\SSL/openssl.cnf','r')
13536:error:2006D080:BIO routines:BIO_new_file:no such file:crypto\bio\bss_file.c:81:
Generating a 2048 bit RSA private key
........+++
............................................+++
writing new private key to 'mykey.pem'
-----
unable to find 'distinguished_name' in config
problems making Certificate Request
13536:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:crypto\conf\conf_lib.c:272:
error in req
OpenSSL>
Solution
One of the reasons why the error above would be thrown is if the openssl_confg is not configured properly to the openssl.cfg file. To do so, execute the following command (change the path as required):
set openssl_conf=c:\OpenSSL-Win64\bin\openssl.cfg
The CSR generation will proceed as expected once the configuration file is specified:
C:\OpenSSL-Win64\bin>openssl.exe
OpenSSL> req -new -newkey rsa:2048 -nodes -keyout mykey.pem -out myreq.pem
Generating a 2048 bit RSA private key
...................................................+++
.....................+++
writing new private key to 'mykey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
Please refer to one of my older posts if you’re using OpenSSL to generate a certificate for a Cisco Wireless Controller:
Generating SSL certificate with OpenSSL for Cisco Wireless Controllerhttp://terenceluk.blogspot.com/2015/03/generating-ssl-certificate-with-openssl.html
2 comments:
Did not work
It did work for me. Thanks
Post a Comment