OpenSSL

Installing and maintaining the FreeBSD Ports Collection or FreeBSD Packages (i.e. third party software).

OpenSSL

Postby xolod-ru » 27 Aug 2009, 11:45

Hi All!
Help please understand, when you create a certificate error ...

Code: Select all
root# mkdir /etc/ssl/sslcert
root# cd /etc/ssl/sslcert
root# openssl req -new -newkey rsa:4096 -nodes -keyout /etc/ssl/sslcert/ca.key -x509 -days 365 \
   -subj /C=RU/ST=Russia/L=Moscow/O=Internet/OU=Internet/CN=localhost/emailAddress=gmail.com@gmail.com -out /etc/ssl/sslcert/ca.crt

Unable to load config info
Generating a 4096 bit RSA private key
.........................................++
.....................++
writing new private key to '/etc/ssl/sslcert/ca.key'
-----
unable to find 'distinguished_name' in config
problems making Certificate Request
1888:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_lib.c:325:

root# openssl version
OpenSSL 0.9.7e-p1 25 Oct 2004

root# uname -a
FreeBSD 6.4-RELEASE

root# portsnap update
Ports tree is already up to date.

root# cd /usr/ports/security/openssl
root# make install clean

===>  openssl-0.9.8k_3 is marked as broken: No patchset for 0.9.8.
*** Error code 1

Stop in /usr/ports/security/openssl.
xolod-ru
Junior Member
 
Posts: 26
Joined: 19 Apr 2009, 17:10

Postby SirDice » 27 Aug 2009, 12:31

The following messages are frequently asked about:

Using configuration from /some/path/openssl.cnf
Unable to load config info

This is followed some time later by...

unable to find 'distinguished_name' in config
problems making Certificate Request

The first error message is the clue: it can't find the configuration file! Certain operations (like examining a certificate request) don't need a configuration file so its use isn't enforced. Generation of certificates or requests however does need a configuration file. This could be regarded as a bug.

http://www.openssl.org/docs/apps/req.html#DIAGNOSTICS
Senior UNIX Engineer at Unix Support Nederland
Experience is something you don't get until just after you need it.
User avatar
SirDice
Old Fart
 
Posts: 16196
Joined: 17 Nov 2008, 16:50
Location: Rotterdam, Netherlands

Postby xolod-ru » 27 Aug 2009, 15:16

What other proposals?
xolod-ru
Junior Member
 
Posts: 26
Joined: 19 Apr 2009, 17:10

Postby DutchDaemon » 27 Aug 2009, 15:28

Not BSD-specific, but it may provide some insight.
http://www.akadia.com/services/ssh_test_certificate.html

You can also put [file]/usr/src/crypto/openssl/apps/openssl.cnf[/file] in [file]/etc/ssl/[/file].
User avatar
DutchDaemon
Old Fart
 
Posts: 10467
Joined: 16 Nov 2008, 20:17
Location: The Netherlands

Postby xolod-ru » 27 Aug 2009, 16:03

Thank DutchDaemon, works!
xolod-ru
Junior Member
 
Posts: 26
Joined: 19 Apr 2009, 17:10


Return to Installation and Maintenance of FreeBSD Ports or Packages

Who is online

Users browsing this forum: Bing [Bot], free-and-bsd and 5 guests