Home Forum Download/Upload Links Search

NetTalk User Group

NetTalk User Group Meeting!
Live Webinar!
Saturday Nov. 16 
7am PST
Click Here To Register!
NetTalk Central
June 28, 2017, 07:35:20 AM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: Welcome to the NetTalk Central Forums!
 
   Home   Help Search Login Register  
Pages: [1]
  Print  
Author Topic: creating ca certificate ...  (Read 308 times)
AtoB
Jr. Member
**
Posts: 53


View Profile Email
« on: November 08, 2016, 04:36:41 AM »

Hi all,

in order to secure a webservice I thought I'd create a certificate. Step one creating the CA certificate doens't seem to work:

- I run CreateCACertificate.bat
- I type a password twice

then it seems to go wrong, the follwing is displayed:


Code:
[color=blue]--- Create Certificate using Private Key
(Please enter the same password you used earlier when asked to do so)

WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Unable to load config info from /usr/local/ssl/openssl.cnf


--- Display Certificate

WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Error opening Certificate .\YourCARoot\cacert\YourCA.crt
5612:error:02001002:system library:fopen:No such file or directory:.\crypto\bio\bss_file.c:391:fopen('.\YourCARoot\cacert\YourCA.crt','rb')
5612:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:393:
unable to load certificate
[/color]

It looks like a "openssl.cnf" file is missing somehow, at least I cannot find it ... I'm not getting (for example) a country code to billed in ...

- is this file required?
- are there any other requirements for this batch to complete?

TIA,
Ton


Logged
Bruce
Global Moderator
Hero Member
*****
Posts: 8600



View Profile
« Reply #1 on: November 08, 2016, 11:30:55 PM »

check your Command Prompt (DOS) environment for a setting;

OPENSSL_CONF=C:\OpenSSL\bin\openssl.cfg

If this exists, then the filename needs to be valid. If you're not sure, clear the setting
SET OPENSSL_CONF=

and run the batch file again.

cheers
Bruce
Logged
AtoB
Jr. Member
**
Posts: 53


View Profile Email
« Reply #2 on: November 11, 2016, 12:00:04 AM »

Hi Bruce,

just found out that I needed to install OpenSSL first, I wrongly assumed it was part of the os ... got my CA certificate!

Now diving into the next steps :-)

regards,
Ton
Logged
Bruce
Global Moderator
Hero Member
*****
Posts: 8600



View Profile
« Reply #3 on: November 13, 2016, 10:07:15 PM »

Hi Ton,

>> just found out that I needed to install OpenSSL first,

you don't need to install OpenSSL - but yes, if you do, that's another way to reset the OPENSSL_CONF setting.

cheers
Bruce
Logged
CaseyR
Sr. Member
****
Posts: 282


View Profile Email
« Reply #4 on: June 19, 2017, 02:04:50 PM »

Hi, Bruce

A few years and couple of machines ago,  I was able to use OpenSSL to self certify  and to create a CSR's.   A client's issue prompted me to work with it again and I encountered the problems Ton found.  Neither using SET to clear the environment nor reinstalling OpenSSL fixed the problem, but I did find an earlier suggestion to simply create a usr\local\ssl folder and copy and rename the openssl.conf to openssl.cnf.  It works, but seems pretty kludgy as long term solution,  I was wondering if we could go over the location and settings for how OpenSSL should work at the next NT User group meeting.  One question, for example, are there differences between 32 bit and 64 bit Windows implementation.           
Logged
Bruce
Global Moderator
Hero Member
*****
Posts: 8600



View Profile
« Reply #5 on: June 19, 2017, 11:47:48 PM »

good question Casey - please bring it up on Thursday.

cheers
Bruce
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com
Valid XHTML 1.0! Valid CSS!

Login Form

Welcome Guest.






Lost Password?
No account yet? Register
home contact search contact search