OpenSSL

Hi All!
Help please understand, when you create a certificate error ...

Code:
root# mkdir /etc/ssl/sslcert
root# cd /etc/ssl/sslcert
root# openssl req -new -newkey rsa:4096 -nodes -keyout /etc/ssl/sslcert/ca.key -x509 -days 365 \
   -subj /C=RU/ST=Russia/L=Moscow/O=Internet/OU=Internet/CN=localhost/emailAddress=gmail.com@gmail.com -out /etc/ssl/sslcert/ca.crt

Unable to load config info
Generating a 4096 bit RSA private key
.........................................++
.....................++
writing new private key to '/etc/ssl/sslcert/ca.key'
-----
unable to find 'distinguished_name' in config
problems making Certificate Request
1888:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_lib.c:325:

root# openssl version
OpenSSL 0.9.7e-p1 25 Oct 2004

root# uname -a
FreeBSD 6.4-RELEASE

root# portsnap update
Ports tree is already up to date.

root# cd /usr/ports/security/openssl
root# make install clean

===>  openssl-0.9.8k_3 is marked as broken: No patchset for 0.9.8.
*** Error code 1

Stop in /usr/ports/security/openssl.
 
The following messages are frequently asked about:

Using configuration from /some/path/openssl.cnf
Unable to load config info

This is followed some time later by...

unable to find 'distinguished_name' in config
problems making Certificate Request

The first error message is the clue: it can't find the configuration file! Certain operations (like examining a certificate request) don't need a configuration file so its use isn't enforced. Generation of certificates or requests however does need a configuration file. This could be regarded as a bug.
http://www.openssl.org/docs/apps/req.html#DIAGNOSTICS
 
Back
Top