OpenSSL和读取openssl.conf文件时出错

Question

我正在运行Windows XP 32位

我刚刚从以下URL下载了Openssl并安装了它. http://www.slproweb.com/products/Win32OpenSSL.html

然后我尝试使用以下命令创建自签名证书

openssl req -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem

然后它开始给出以下错误

无法从/usr/local/ssl/openssl.cnf加载配置信息

然后谷歌搜索后我改变了上面的命令

openssl req -config C:\OpenSSL\bin\openssl.conf -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem

但现在我在命令提示符中收到以下错误

C:\ OpenSSL\bin\openssl.conf的第-1行错误
4220:错误:02001002:系统库:fopen:没有这样的文件或目录:.\ crypto\bio\bss_file.c:126:fopen('C:\OpenSSL\bin\openssl.conf','rb')4220:错误:2006D080:BIO例程:BIO_new_file:没有这样的文件:.\ crypto\bio\bss_file.c:129:
4220:错误:0E078072:配置文件例程:DEF_LOAD:没有这样的文件:.\ crypto\conf\conf_def.c:197:

请帮忙.提前致谢.

Answer 1

在Windows上,您还可以设置环境属性OPENSSL_CONF.例如,从命令行可以输入:

set OPENSSL_CONF=c:/libs/openssl-0.9.8k/openssl.cnf

要验证它,您可以输入:

echo %OPENSSL_CONF%

您还可以将其设置为计算机环境变量的一部分,以便默认情况下所有用户和服务都可以使用它.见,例如,在Windows NT环境变量和如何管理Windows XP中的环境变量.

现在您可以运行openssl命令而无需传递config location参数.

Answer 2

只需在命令行中添加参数-config c:\your_openssl_path\openssl.cfg,即可更改your_openssl_path为实际安装的路径.

Answer 3

只需在步骤4中自己创建一个openssl.cnf文件:http://www.flatmtn.com/article/setting-openssl-create-certificates

链接停止工作后编辑 openssl.cnf文件的内容如下:

#
# OpenSSL configuration file.
#

# Establish working directory.

dir                 = .

[ ca ]
default_ca              = CA_default

[ CA_default ]
serial                  = $dir/serial
database                = $dir/certindex.txt
new_certs_dir               = $dir/certs
certificate             = $dir/cacert.pem
private_key             = $dir/private/cakey.pem
default_days                = 365
default_md              = md5
preserve                = no
email_in_dn             = no
nameopt                 = default_ca
certopt                 = default_ca
policy                  = policy_match

[ policy_match ]
countryName             = match
stateOrProvinceName         = match
organizationName            = match
organizationalUnitName          = optional
commonName              = supplied
emailAddress                = optional

[ req ]
default_bits                = 1024          # Size of keys
default_keyfile             = key.pem       # name of generated keys
default_md              = md5               # message digest algorithm
string_mask             = nombstr       # permitted characters
distinguished_name          = req_distinguished_name
req_extensions              = v3_req

[ req_distinguished_name ]
# Variable name             Prompt string
#-------------------------    ----------------------------------
0.organizationName          = Organization Name (company)
organizationalUnitName          = Organizational Unit Name (department, division)
emailAddress                = Email Address
emailAddress_max            = 40
localityName                = Locality Name (city, district)
stateOrProvinceName         = State or Province Name (full name)
countryName             = Country Name (2 letter code)
countryName_min             = 2
countryName_max             = 2
commonName              = Common Name (hostname, IP, or your name)
commonName_max              = 64

# Default values for the above, for consistency and less typing.
# Variable name             Value
#------------------------     ------------------------------
0.organizationName_default      = My Company
localityName_default            = My Town
stateOrProvinceName_default     = State or Providence
countryName_default         = US

[ v3_ca ]
basicConstraints            = CA:TRUE
subjectKeyIdentifier            = hash
authorityKeyIdentifier          = keyid:always,issuer:always

[ v3_req ]
basicConstraints            = CA:FALSE
subjectKeyIdentifier            = hash

您仍然可以使用Waybackmachine找到该页面:https://web.archive.org/web/20171108102046/http://www.flatmtn.com/article/setting-openssl-create-certificates

Answer 4

如果已使用OpenSSL安装Apache,请导航到bin目录.在我的情况下D:\ apache\bin.

*如果您单独安装openssl,这些命令也可以工作.

运行以下命令:

openssl req -config d:\apache\conf\openssl.cnf -new -out d:\apache\conf\server.csr -keyout d:\apache\conf\server.pem
openssl rsa -in d:\apache\conf\server.pem -out d:\apache\conf\server.key
openssl x509 -in d:\apache\conf\server.csr -out d:\apache\conf\server.crt -req -signkey d:\apache\conf\server.key -days 365

*这将创建可用于开发目的的自签名证书

再次,如果您在httpd.conf中安装了Apache,请执行以下操作:

  <IfModule ssl_module>
    SSLEngine on
    SSLCertificateFile "D:/apache/conf/server.crt"
    SSLCertificateKeyFile "D:/apache/conf/server.key"
  </IfModule>

Answer 5

只是尝试以管理员身份运行openssl.exe.

Answer 6

set OPENSSL_CONF=c:/{path to openSSL}/bin/openssl.cfg

照顾正确的扩展(openssl.cfg而不是cnf)!

我从这里安装了OpenSSL:http://slproweb.com/products/Win32OpenSSL.html

Answer 7

如果您在 Windows 上与 Git 一起安装了 OpenSSL，请将以下内容添加到您的命令中：

-config "C:\Program Files\Git\usr\ssl\openssl.cnf"

Answer 8

我使用Apache for windows bin文件夹中的openssl.exe发生了类似的错误.我有指定的-config标志在openssl.cnf文件的路径中有一个拼写错误.我想你会发现的

openssl req -config C:\OpenSSL\bin\openssl.conf -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem

应该

openssl req -config "C:\OpenSSL\bin\openssl.cnf" -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem

注意:conf应该是cnf.

Answer 9

我在 Windows 上也遇到了同样的问题。通过设置环境变量解决了这个问题：

变量名称：OPENSSL_CONF 变量值：C:(OpenSSl Directory)\bin\openssl.cnf