Unable to load config info from /usr/local/ssl/openssl.cnf on Windows

Question

While using OpenSSL on Windows:

openssl genrsa -out privatekey.pem 1024 -->

Created successfully

openssl req -new -x509 -key          


        

Answer 1

After installing OpenSSL, you need to restart your computer and use Run As Administrator. Then its works.

Answer 2

For me on Windows 8, I simply found openssl.cnf file and copied it on the C drive. then:

openssl req -new -key server.key -out server.csr -config C:\openssl.cnf

Worked perfectly.

Answer 3

After installing OpenSSL I was required to create a new environment variable:

• Name: OPENSSL_CONF
• Value: C:\Program Files\OpenSSL\openssl.cnf

In powershell:

$env:OPENSSL_CONF = "${env:ProgramFiles}\OpenSSL\openssl.cnf"

This value differs from previous installation versions (as seen in a previous edit of this post). Also, don't forget to add the openssl binary folder ${env:ProgramFiles}\OpenSSL to your Path.

Answer 4

You should specify the absolute path to the config, something like this:

openssl req -x509 -config "C:\OpenSSL-Win64\bin\openssl.cnf" ...

Answer 5

The only thing that worked for me in this situation was the self-created openssl.cnf file.

Here are the basics needed for this exercise (edit as needed):

#
# OpenSSL configuration file.
#

# Establish working directory.

dir                         = .

[ ca ]
default_ca                  = CA_default

[ CA_default ]
serial                      = $dir/serial
database                    = $dir/certindex.txt
new_certs_dir               = $dir/certs
certificate                 = $dir/cacert.pem
private_key                 = $dir/private/cakey.pem
default_days                = 365
default_md                  = md5
preserve                    = no
email_in_dn                 = no
nameopt                     = default_ca
certopt                     = default_ca
policy                      = policy_match

[ policy_match ]
countryName                 = match
stateOrProvinceName         = match
organizationName            = match
organizationalUnitName      = optional
commonName                  = supplied
emailAddress                = optional

[ req ]
default_bits                = 1024          # Size of keys
default_keyfile             = key.pem       # name of generated keys
default_md                  = md5               # message digest algorithm
string_mask                 = nombstr       # permitted characters
distinguished_name          = req_distinguished_name
req_extensions              = v3_req

[ req_distinguished_name ]
# Variable name             Prompt string
#-------------------------    ----------------------------------
0.organizationName          = Organization Name (company)
organizationalUnitName      = Organizational Unit Name (department, division)
emailAddress                = Email Address
emailAddress_max            = 40
localityName                = Locality Name (city, district)
stateOrProvinceName         = State or Province Name (full name)
countryName                 = Country Name (2 letter code)
countryName_min             = 2
countryName_max             = 2
commonName                  = Common Name (hostname, IP, or your name)
commonName_max              = 64

# Default values for the above, for consistency and less typing.
# Variable name             Value
#------------------------     ------------------------------
0.organizationName_default  = My Company
localityName_default        = My Town
stateOrProvinceName_default = State or Providence
countryName_default         = US

[ v3_ca ]
basicConstraints            = CA:TRUE
subjectKeyIdentifier        = hash
authorityKeyIdentifier      = keyid:always,issuer:always

[ v3_req ]
basicConstraints            = CA:FALSE
subjectKeyIdentifier        = hash

I hope that helps.

Answer 6

In Windows 10, no need to restart nor run in Administrator's mode but instead set openssl config like so:

set OPENSSL_CONF=C:\Program Files (x86)\GnuWin32\share\openssl.cnf

Of course, if you are using GnuWin32