Attempting to generate a new CSR with OpenSSL fails with: “13536:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:crypto\conf\conf_lib.c:272:”

Problem

You’ve downloaded OpenSSL and have begun generating a new CSR to submit to a certificate authority, but notice that executing the following command:

req -new -newkey rsa:2048 -nodes -keyout mykey.pem -out myreq.pem

… generates the following error:

C:\OpenSSL-Win64\bin>openssl.exe

OpenSSL> req -new -newkey rsa:2048 -nodes -keyout mykey.pem -out myreq.pem

Can't open C:\Program Files\Common Files\SSL/openssl.cnf for reading, No such file or directory

13536:error:02001003:system library:fopen:No such process:crypto\bio\bss_file.c:74:fopen('C:\Program Files\Common Files\SSL/openssl.cnf','r')

13536:error:2006D080:BIO routines:BIO_new_file:no such file:crypto\bio\bss_file.c:81:

Generating a 2048 bit RSA private key

……..+++

……………………………………..+++

writing new private key to 'mykey.pem'

-----

unable to find 'distinguished_name' in config

problems making Certificate Request

13536:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:crypto\conf\conf_lib.c:272:

error in req

OpenSSL>


Solution

One reason the error above is thrown is that the openssl_conf environment variable is not set to the path of the openssl.cfg file. To set it, execute the following command (change the path as required):

set openssl_conf=c:\OpenSSL-Win64\bin\openssl.cfg

The CSR generation will proceed as expected once the configuration file is specified:

C:\OpenSSL-Win64\bin>openssl.exe

OpenSSL> req -new -newkey rsa:2048 -nodes -keyout mykey.pem -out myreq.pem

Generating a 2048 bit RSA private key

……………………………………………+++

…………………+++

writing new private key to 'mykey.pem'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:
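
The fix above as a PowerShell session, added here as an example and not part of the original post: it checks that the configuration file exists and is usable before pointing OPENSSL_CONF at it, then verifies the resulting CSR and restricts the unencrypted key. The paths are the ones shown in the post; the icacls step is an assumption about how you want the key file protected.

```powershell
# Added example. Paths are the ones shown in the post; adjust to your install.
$opensslDir = 'C:\OpenSSL-Win64\bin'
$openssl    = Join-Path $opensslDir 'openssl.exe'
$config     = Join-Path $opensslDir 'openssl.cfg'

# Fail early with a clear message instead of the NCONF_get_string error.
foreach ($path in @($openssl, $config)) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        throw "Not found: $path"
    }
}

# 'req' aborts with "unable to find 'distinguished_name' in config" when this
# key is missing, so confirm the file is a usable req configuration.
if (-not (Select-String -LiteralPath $config -Pattern '^\s*distinguished_name\s*=' -Quiet)) {
    throw "$config has no distinguished_name entry"
}

# Process-scoped, like 'set openssl_conf=...' in cmd.exe. In PowerShell, 'set'
# is an alias for Set-Variable and would not change the environment.
$env:OPENSSL_CONF = $config

# Same command as in the post; openssl prompts for the DN fields.
# The failed run in the post had already written mykey.pem before aborting;
# this run overwrites it with a fresh key.
& $openssl req -new -newkey rsa:2048 -nodes -keyout mykey.pem -out myreq.pem
if ($LASTEXITCODE -ne 0) { throw "openssl req failed with exit code $LASTEXITCODE" }

# Check the CSR's self-signature and print its subject before sending it to
# the CA. Look for "verify OK" in the output: older builds may report a
# failure in the text only, without a non-zero exit code.
& $openssl req -in myreq.pem -noout -verify -subject
if ($LASTEXITCODE -ne 0) { throw 'CSR verification failed' }

# -nodes leaves mykey.pem unencrypted, so limit the file to the current user.
$me = "$($env:USERDOMAIN)\$($env:USERNAME)"
& icacls.exe mykey.pem /inheritance:r /grant:r "${me}:(R,W)" | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Could not restrict permissions on mykey.pem' }
```

The variable set this way lasts only for the current PowerShell session, the same scope as the `set` command in a cmd.exe window.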


Please refer to one of my older posts if you’re using OpenSSL to generate a certificate for a Cisco Wireless Controller:

Generating SSL certificate with OpenSSL for Cisco Wireless Controller
https://blog.terenceluk.com/2015/03/generating-ssl-certificate-with-openssl.html
