OpenSSL 및 openssl.conf 파일 읽기 오류

OpenSSL 및 openssl.conf 파일 읽기 오류

---

Windows XP 32bit를 실행 중입니다.

방금 다음 URL에서 Openssl을 다운로드하여 설치했습니다. http://www.slproweb.com/products/Win32OpenSSL.html

다음 명령을 사용하여 자체 서명 된 인증서를 만들려고했습니다.

openssl req -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem

다음 오류가 발생하기 시작했습니다.

/usr/local/ssl/openssl.cnf에서 구성 정보를로드 할 수 없습니다

그런 다음 인터넷 검색을 한 후 위의 명령을

openssl req -config C:\OpenSSL\bin\openssl.conf -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem

그러나 이제 명령 프롬프트에 다음 오류가 발생합니다.

C : \ OpenSSL \ bin \ openssl.conf의 -1 행 오류
4220 : error : 02001002 : 시스템 라이브러리 : fopen : 파일 또는 디렉토리 없음 :. \ crypto \ bio \ bss_file.c : 126 : fopen ( 'C : \ OpenSSL \ bin \ openssl.conf ','rb ') 4220 : error : 2006D080 : BIO 루틴 : BIO_new_file : 해당 파일 없음 :. \ crypto \ bio \ bss_file.c : 129 :
4220 : error : 0E078072 : 구성 파일 루틴 : DEF_LOAD : 파일 없음 :. \ crypto \ conf \ conf_def.c : 197 :

도와주세요. 미리 감사드립니다.

---

Windows에서는 환경 속성을 설정할 수도 있습니다 OPENSSL_CONF. 예를 들어 명령 줄에서 다음을 입력 할 수 있습니다.

set OPENSSL_CONF=c:/libs/openssl-0.9.8k/openssl.cnf

그것을 확인하려면 다음을 입력하십시오.

echo %OPENSSL_CONF%

컴퓨터 환경 변수의 일부로 설정하여 모든 사용자와 서비스가 기본적으로 사용할 수 있도록 할 수도 있습니다. 예를 들어 Windows NT의 환경 변수 및 Windows XP의 환경 변수 관리 방법을 참조하십시오 .

이제 config location 매개 변수를 전달하지 않고도 openssl 명령을 실행할 수 있습니다.

---

실제 설치된 경로로 -config c:\your_openssl_path\openssl.cfg변경 하여 명령 행에 매개 변수를 추가하십시오 your_openssl_path.

---

4 단계에서 다음과 같이 openssl.cnf 파일을 직접 만드십시오. http://www.flatmtn.com/article/setting-openssl-create-certificates

링크 작동 이 중지 된 후 편집 openssl.cnf 파일의 내용은 다음과 같습니다.

#
# OpenSSL configuration file.
#

# Establish working directory.

dir                 = .

[ ca ]
default_ca              = CA_default

[ CA_default ]
serial                  = $dir/serial
database                = $dir/certindex.txt
new_certs_dir               = $dir/certs
certificate             = $dir/cacert.pem
private_key             = $dir/private/cakey.pem
default_days                = 365
default_md              = md5
preserve                = no
email_in_dn             = no
nameopt                 = default_ca
certopt                 = default_ca
policy                  = policy_match

[ policy_match ]
countryName             = match
stateOrProvinceName         = match
organizationName            = match
organizationalUnitName          = optional
commonName              = supplied
emailAddress                = optional

[ req ]
default_bits                = 1024          # Size of keys
default_keyfile             = key.pem       # name of generated keys
default_md              = md5               # message digest algorithm
string_mask             = nombstr       # permitted characters
distinguished_name          = req_distinguished_name
req_extensions              = v3_req

[ req_distinguished_name ]
# Variable name             Prompt string
#-------------------------    ----------------------------------
0.organizationName          = Organization Name (company)
organizationalUnitName          = Organizational Unit Name (department, division)
emailAddress                = Email Address
emailAddress_max            = 40
localityName                = Locality Name (city, district)
stateOrProvinceName         = State or Province Name (full name)
countryName             = Country Name (2 letter code)
countryName_min             = 2
countryName_max             = 2
commonName              = Common Name (hostname, IP, or your name)
commonName_max              = 64

# Default values for the above, for consistency and less typing.
# Variable name             Value
#------------------------     ------------------------------
0.organizationName_default      = My Company
localityName_default            = My Town
stateOrProvinceName_default     = State or Providence
countryName_default         = US

[ v3_ca ]
basicConstraints            = CA:TRUE
subjectKeyIdentifier            = hash
authorityKeyIdentifier          = keyid:always,issuer:always

[ v3_req ]
basicConstraints            = CA:FALSE
subjectKeyIdentifier            = hash

---

OpenSSL을 사용하여 Apache를 설치 한 경우 bin 디렉토리로 이동하십시오. 제 경우에는 D : \ apache \ bin입니다.

*These commands also work if you have stand alone installation of openssl.

Run these commands:

openssl req -config d:\apache\conf\openssl.cnf -new -out d:\apache\conf\server.csr -keyout d:\apache\conf\server.pem
openssl rsa -in d:\apache\conf\server.pem -out d:\apache\conf\server.key
openssl x509 -in d:\apache\conf\server.csr -out d:\apache\conf\server.crt -req -signkey d:\apache\conf\server.key -days 365

*This will create self-signed certificate that you can use for development purposes

Again if you have Apache installed in the httpd.conf stick these:

  <IfModule ssl_module>
    SSLEngine on
    SSLCertificateFile "D:/apache/conf/server.crt"
    SSLCertificateKeyFile "D:/apache/conf/server.key"
  </IfModule>

---

Just try to run openssl.exe as administrator.

---

set OPENSSL_CONF=c:/{path to openSSL}/bin/openssl.cfg

take care of the right extension (openssl.cfg not cnf)!

I have installed OpenSSL from here: http://slproweb.com/products/Win32OpenSSL.html

---

I just had a similar error using the openssl.exe from the Apache for windows bin folder. I had the -config flag specified by had a typo in the path of the openssl.cnf file. I think you'll find that

openssl req -config C:\OpenSSL\bin\openssl.conf -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem

should be

openssl req -config "C:\OpenSSL\bin\openssl.cnf" -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem

Note: the conf should probably be cnf.

---

If openssl installation was successfull, search for "OPENSSL" in c drive to locate the config file and set the path.

set OPENSSL_CONF=<location where cnf is available>/openssl.cnf

It worked out for me.

---

This workaround helped us so much at my job (Tech Support), we made a simple batch file we could run from anywhere (We didnt have the permissions to install it). This workaround will set the variable and then run OpenSSL for you. It also opens up the bin folder for you (cause this is where any files you create or modify will be saved). Also, this is only for Windows.

How to Set Up:

1. Download the OpenSSL binaries here. (Note that this is confirmed to work with version 0.9.8h.)

2. Copy this code to a file named StartOpenSSL.bat. Save this to a location of your choice. It can be run from anywhere.

   @echo off
   title OpenSSL
   
   cd\openssl\bin
   
   if exist "C:\openssl\share\openssl.cnf" (
   
   set OPENSSL_CONF=c:/openssl/share/openssl.cnf
   start explorer.exe c:\openssl\bin
   
   echo Welcome to OpenSSL
   
   openssl
   
   ) else (
   
   echo Error: openssl.cnf was not found
   echo File openssl.cnf needs to be present in c:\openssl\share
   pause
   
   )
   
   exit
   

3. Once you have downloaded the OpenSSL binaries, extract them to your C drive in a folder titled OpenSSL. (The path needs to be C:\OpenSSL). Do not move any of the folders contents around, just extract them to the folder.
4. You are ready to use OpenSSL. This is a great workaround for Windows users who dont have the privileges to install it as it requires no permissions. Just run the bat file from earlier by double clicking it.

---

The problem here is that there ISN'T an openssl.cnf file given with the GnuWin32 openssl stuff. You have to create it. You can find out HOW to create an openssl.cnf file by going here:

http://www.flatmtn.com/article/setting-ssl-certificates-apache

Where it lays it all out for you on how to do it.

PLEASE NOTE: The openssl command given with the backslash at the end is for UNIX. For Windows : 1)Remove the backslash, and 2)Move the second line up so it is at the end of the first line. (So you get just one command.)

ALSO: It is VERY important to read through the comments. There are some changes you might want to make based upon them.

---

If you are seeing an error something like

error on line -1 c:apacheconfopenssl.cnf

try changing from back slash to front slash in the -config.

---

Run the command as administrator and copy the config file to somewhere where you have read rights and specify the path with the -config parameter.

---

https://github.com/xgqfrms-gildata/App001/issues/3

1. first, make sure you have an openssl.cnf file in the right path;
2. if you can't find it, just download one and copy it to your setting path.

$ echo %OPENSSL_CONF%

$ set OPENSSL_CONF=C:\OpenSSL\bin\openssl.cnf

---

I know this is old -- but thought others that happen on this (and use Visual Studio) might benefit. I read this on another post that I can't seem to find.

Open your config in notepad++ and make sure it's Encoding is UTF-8 (i.e., not UTF-8-BOM*).

This would have save me a lot of searching/trial'n'errors...

---

I had the same issue on Windows. It was resolved by setting the environment variable as follow:

Variable name: OPENSSL_CONF Variable value: C:(OpenSSl Directory)\bin\openssl.cnf

참고URL : https://stackoverflow.com/questions/7360602/openssl-and-error-in-reading-openssl-conf-file