当前位置: 文江博客话题详情

OpenSSL 和读取 openssl.conf 文件时出错

发布于 2024-12-04 06:43:08 字数 1125 浏览 2 评论 0原文

我运行的是 windows xp 32 位

我刚刚从以下 URL 下载了 Openssl 并安装了它。 http://www.slproweb.com/products/Win32OpenSSL.html

然后我尝试了使用以下命令创建自签名证书

openssl req -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem

然后它开始给出以下错误

Unable to load config info from /usr/local/ssl/openssl.cnf

经过一番谷歌搜索后,我将上面的命令更改为

openssl req -config C:\OpenSSL\bin\openssl.conf -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem

但现在我在命令提示符中收到以下错误

error on line -1 of C:\OpenSSL\bin\openssl.conf
4220:error:02001002:system library:fopen:No such file or
directory:.\crypto\bio\bss_file.c:126:fopen('C:\OpenSSL\bin\openssl.conf','rb') 
4220:error:2006D080:BIO routines:BIO_new_file:no such file:.\crypto\bio\bss_file.c:129: 
4220:error:0E078072:configuration file routines:DEF_LOAD:no such file:.\crypto\conf\conf_def.c:197:
原文

I am running windows xp 32bit

I just downloaded Openssl from the following URL and installed it.
http://www.slproweb.com/products/Win32OpenSSL.html

and then I tried to create a self signed certificate by using the following command

openssl req -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem

then it started giving the following error

Unable to load config info from /usr/local/ssl/openssl.cnf

After some googling, I changed the above command to

openssl req -config C:\OpenSSL\bin\openssl.conf -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem

But now I get the following error in the command prompt

error on line -1 of C:\OpenSSL\bin\openssl.conf
4220:error:02001002:system library:fopen:No such file or
directory:.\crypto\bio\bss_file.c:126:fopen('C:\OpenSSL\bin\openssl.conf','rb') 
4220:error:2006D080:BIO routines:BIO_new_file:no such file:.\crypto\bio\bss_file.c:129: 
4220:error:0E078072:configuration file routines:DEF_LOAD:no such file:.\crypto\conf\conf_def.c:197:

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(19

身边 2024-12-11 06:43:08

在 Windows 上,您还可以设置环境属性 OPENSSL_CONF。例如,您可以在命令行中键入:

set OPENSSL_CONF=c:/libs/openssl-0.9.8k/openssl.cnf

要验证它,您可以键入:

echo %OPENSSL_CONF%

您还可以将其设置为计算机环境变量的一部分,以便所有用户和服务默认情况下都可以使用它。例如,请参阅Windows NT 中的环境变量如何在 Windows XP 中管理环境变量

现在您可以运行 openssl 命令,而无需传递配置位置参数。

On Windows you can also set the environment property OPENSSL_CONF. For example from the commandline you can type:

set OPENSSL_CONF=c:/libs/openssl-0.9.8k/openssl.cnf

to validate it you can type:

echo %OPENSSL_CONF%

You can also set it as part of the computer's environmental variables so all users and services have it available by default. See, for example, Environment variables in Windows NT and How To Manage Environment Variables in Windows XP.

Now you can run openssl commands without having to pass the config location parameter.

回复 原文
网白 2024-12-11 06:43:08

只需在命令行中添加参数 -config c:\your_openssl_path\openssl.cfg,将 your_openssl_path 更改为实际安装路径即可。

Just add to your command line the parameter -config c:\your_openssl_path\openssl.cfg, changing your_openssl_path to the real installed path.

回复 原文
冷心人i 2024-12-11 06:43:08

只需在步骤 4 中自行创建一个 openssl.cnf 文件即可: http://www.flatmtn.com/article/setting-openssl-create-certificates

链接停止后编辑工作
openssl.cnf 文件的内容如下:

#
# OpenSSL configuration file.
#

# Establish working directory.

dir                 = .

[ ca ]
default_ca              = CA_default

[ CA_default ]
serial                  = $dir/serial
database                = $dir/certindex.txt
new_certs_dir               = $dir/certs
certificate             = $dir/cacert.pem
private_key             = $dir/private/cakey.pem
default_days                = 365
default_md              = md5
preserve                = no
email_in_dn             = no
nameopt                 = default_ca
certopt                 = default_ca
policy                  = policy_match

[ policy_match ]
countryName             = match
stateOrProvinceName         = match
organizationName            = match
organizationalUnitName          = optional
commonName              = supplied
emailAddress                = optional

[ req ]
default_bits                = 1024          # Size of keys
default_keyfile             = key.pem       # name of generated keys
default_md              = md5               # message digest algorithm
string_mask             = nombstr       # permitted characters
distinguished_name          = req_distinguished_name
req_extensions              = v3_req

[ req_distinguished_name ]
# Variable name             Prompt string
#-------------------------    ----------------------------------
0.organizationName          = Organization Name (company)
organizationalUnitName          = Organizational Unit Name (department, division)
emailAddress                = Email Address
emailAddress_max            = 40
localityName                = Locality Name (city, district)
stateOrProvinceName         = State or Province Name (full name)
countryName             = Country Name (2 letter code)
countryName_min             = 2
countryName_max             = 2
commonName              = Common Name (hostname, IP, or your name)
commonName_max              = 64

# Default values for the above, for consistency and less typing.
# Variable name             Value
#------------------------     ------------------------------
0.organizationName_default      = My Company
localityName_default            = My Town
stateOrProvinceName_default     = State or Providence
countryName_default         = US

[ v3_ca ]
basicConstraints            = CA:TRUE
subjectKeyIdentifier            = hash
authorityKeyIdentifier          = keyid:always,issuer:always

[ v3_req ]
basicConstraints            = CA:FALSE
subjectKeyIdentifier            = hash

Just create an openssl.cnf file yourself like this in step 4: http://www.flatmtn.com/article/setting-openssl-create-certificates

Edit after link stopped working
The content of the openssl.cnf file was the following:

#
# OpenSSL configuration file.
#

# Establish working directory.

dir                 = .

[ ca ]
default_ca              = CA_default

[ CA_default ]
serial                  = $dir/serial
database                = $dir/certindex.txt
new_certs_dir               = $dir/certs
certificate             = $dir/cacert.pem
private_key             = $dir/private/cakey.pem
default_days                = 365
default_md              = md5
preserve                = no
email_in_dn             = no
nameopt                 = default_ca
certopt                 = default_ca
policy                  = policy_match

[ policy_match ]
countryName             = match
stateOrProvinceName         = match
organizationName            = match
organizationalUnitName          = optional
commonName              = supplied
emailAddress                = optional

[ req ]
default_bits                = 1024          # Size of keys
default_keyfile             = key.pem       # name of generated keys
default_md              = md5               # message digest algorithm
string_mask             = nombstr       # permitted characters
distinguished_name          = req_distinguished_name
req_extensions              = v3_req

[ req_distinguished_name ]
# Variable name             Prompt string
#-------------------------    ----------------------------------
0.organizationName          = Organization Name (company)
organizationalUnitName          = Organizational Unit Name (department, division)
emailAddress                = Email Address
emailAddress_max            = 40
localityName                = Locality Name (city, district)
stateOrProvinceName         = State or Province Name (full name)
countryName             = Country Name (2 letter code)
countryName_min             = 2
countryName_max             = 2
commonName              = Common Name (hostname, IP, or your name)
commonName_max              = 64

# Default values for the above, for consistency and less typing.
# Variable name             Value
#------------------------     ------------------------------
0.organizationName_default      = My Company
localityName_default            = My Town
stateOrProvinceName_default     = State or Providence
countryName_default         = US

[ v3_ca ]
basicConstraints            = CA:TRUE
subjectKeyIdentifier            = hash
authorityKeyIdentifier          = keyid:always,issuer:always

[ v3_req ]
basicConstraints            = CA:FALSE
subjectKeyIdentifier            = hash
回复 原文
眼趣 2024-12-11 06:43:08
set OPENSSL_CONF=c:/{path to openSSL}/bin/openssl.cfg

注意正确的扩展名(openssl.cfg 而不是 cnf)!

我已经从这里安装了 OpenSSL: http://slproweb.com/products/Win32OpenSSL.html

set OPENSSL_CONF=c:/{path to openSSL}/bin/openssl.cfg

take care of the right extension (openssl.cfg not cnf)!

I have installed OpenSSL from here: http://slproweb.com/products/Win32OpenSSL.html

回复 原文
蓝梦月影 2024-12-11 06:43:08

如果您已经使用 OpenSSL 安装了 Apache,请导航到 bin 目录。就我而言,D:\apache\bin。

*如果您独立安装了 openssl,这些命令也适用。

运行这些命令:

openssl req -config d:\apache\conf\openssl.cnf -new -out d:\apache\conf\server.csr -keyout d:\apache\conf\server.pem
openssl rsa -in d:\apache\conf\server.pem -out d:\apache\conf\server.key
openssl x509 -in d:\apache\conf\server.csr -out d:\apache\conf\server.crt -req -signkey d:\apache\conf\server.key -days 365

*这将创建可用于开发目的的自签名证书

再次,如果您在 httpd.conf 中安装 Apache 并粘贴以下内容:

  <IfModule ssl_module>
    SSLEngine on
    SSLCertificateFile "D:/apache/conf/server.crt"
    SSLCertificateKeyFile "D:/apache/conf/server.key"
  </IfModule>

If you have installed Apache with OpenSSL navigate to bin directory. In my case D:\apache\bin.

*These commands also work if you have stand alone installation of openssl.

Run these commands:

openssl req -config d:\apache\conf\openssl.cnf -new -out d:\apache\conf\server.csr -keyout d:\apache\conf\server.pem
openssl rsa -in d:\apache\conf\server.pem -out d:\apache\conf\server.key
openssl x509 -in d:\apache\conf\server.csr -out d:\apache\conf\server.crt -req -signkey d:\apache\conf\server.key -days 365

*This will create self-signed certificate that you can use for development purposes

Again if you have Apache installed in the httpd.conf stick these:

  <IfModule ssl_module>
    SSLEngine on
    SSLCertificateFile "D:/apache/conf/server.crt"
    SSLCertificateKeyFile "D:/apache/conf/server.key"
  </IfModule>
回复 原文
昔日梦未散 2024-12-11 06:43:08

我刚刚使用 Apache for windows bin 文件夹中的 openssl.exe 时遇到了类似的错误。我在 openssl.cnf 文件的路径中指定了 -config 标志,其中有一个拼写错误。我想你会发现

openssl req -config C:\OpenSSL\bin\openssl.conf -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem

应该是

openssl req -config "C:\OpenSSL\bin\openssl.cnf" -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem

注意:conf 可能应该是cnf

I just had a similar error using the openssl.exe from the Apache for windows bin folder. I had the -config flag specified by had a typo in the path of the openssl.cnf file. I think you'll find that

openssl req -config C:\OpenSSL\bin\openssl.conf -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem

should be

openssl req -config "C:\OpenSSL\bin\openssl.cnf" -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem

Note: the conf should probably be cnf.

回复 原文
腹黑女流氓 2024-12-11 06:43:08

只需尝试以管理员身份运行 openssl.exe 即可。

Just try to run openssl.exe as administrator.

回复 原文
烟柳画桥 2024-12-11 06:43:08

如果您在 Windows 上与 Git 一起安装了 OpenSSL,请将以下内容添加到您的命令中:

-config "C:\Program Files\Git\usr\ssl\openssl.cnf"

If you installed OpenSSL on Windows together with Git, then add this to your command:

-config "C:\Program Files\Git\usr\ssl\openssl.cnf"
回复 原文
唯憾梦倾城 2024-12-11 06:43:08

我在 Windows 上也遇到了同样的问题。通过设置环境变量解决了这个问题:

变量名称:OPENSSL_CONF
变量值:C:(OpenSSl目录)\bin\openssl.cnf

I had the same issue on Windows. It was resolved by setting the environment variable as follow:

Variable name: OPENSSL_CONF
Variable value: C:(OpenSSl Directory)\bin\openssl.cnf

回复 原文
爱的十字路口 2024-12-11 06:43:08

如果openssl安装成功,在c盘搜索“OPENSSL”找到配置文件并设置路径。

set OPENSSL_CONF=<location where cnf is available>/openssl.cnf

这对我来说很有效。

If openssl installation was successfull, search for "OPENSSL" in c drive to locate the config file and set the path.

set OPENSSL_CONF=<location where cnf is available>/openssl.cnf

It worked out for me.

回复 原文
君勿笑 2024-12-11 06:43:08

https://github.com/xgqfrms-gildata/App001/issues/3

  1. 首先,确保正确的路径中有一个 openssl.cnf 文件;
  2. 如果找不到,只需下载并将其复制到您的设置路径。
$ echo %OPENSSL_CONF%

$ set OPENSSL_CONF=C:\OpenSSL\bin\openssl.cnf

https://github.com/xgqfrms-gildata/App001/issues/3

  1. first, make sure you have an openssl.cnf file in the right path;
  2. if you can't find it, just download one and copy it to your setting path.
$ echo %OPENSSL_CONF%

$ set OPENSSL_CONF=C:\OpenSSL\bin\openssl.cnf
回复 原文
绮筵 2024-12-11 06:43:08

这里的问题是 GnuWin32 openssl 的东西没有给出 openssl.cnf 文件。你必须创建它。您可以通过访问此处了解如何创建 openssl.cnf 文件:

http:// /www.flatmtn.com/article/setting-ssl-certificates-apache

它为您详细介绍了如何操作。

请注意:末尾带有反斜杠的 openssl 命令适用于 UNIX。对于 Windows:1) 删除反斜杠,2) 将第二行向上移动,使其位于第一行的末尾。 (所以你只得到一个命令。)

另外:通读注释非常重要。您可能需要根据它们进行一些更改。

The problem here is that there ISN'T an openssl.cnf file given with the GnuWin32 openssl stuff. You have to create it. You can find out HOW to create an openssl.cnf file by going here:

http://www.flatmtn.com/article/setting-ssl-certificates-apache

Where it lays it all out for you on how to do it.

PLEASE NOTE: The openssl command given with the backslash at the end is for UNIX. For Windows : 1)Remove the backslash, and 2)Move the second line up so it is at the end of the first line. (So you get just one command.)

ALSO: It is VERY important to read through the comments. There are some changes you might want to make based upon them.

回复 原文
盗梦空间 2024-12-11 06:43:08

这个解决方法对我们的工作(技术支持)帮助很大,我们制作了一个可以从任何地方运行的简单批处理文件(我们没有安装它的权限)。此解决方法将设置变量,然后为您运行 OpenSSL。它还会为您打开 bin 文件夹(因为这是您创建或修改的任何文件都将保存的位置)。另外,这仅适用于 Windows。

如何设置:

  1. 此处下载 OpenSSL 二进制文件。 (请注意,已确认这适用于版本 0.9.8h。)

  2. 将此代码复制到名为 StartOpenSSL.bat 的文件中。将其保存到您选择的位置。它可以从任何地方运行。

    <前><代码>@echo 关闭
    标题 OpenSSL

    cd\openssl\bin

    如果存在“C:\openssl\share\openssl.cnf”(

    设置 OPENSSL_CONF=c:/openssl/share/openssl.cnf
    启动 explorer.exe c:\openssl\bin

    echo 欢迎使用 OpenSSL

    开放式SSL

    ) 别的 (

    echo 错误:找不到 openssl.cnf
    echo 文件 openssl.cnf 需要存在于 c:\openssl\share 中
    暂停

    出口

  3. 下载 OpenSSL 二进制文件后,将它们解压到 C 盘上名为 OpenSSL 的文件夹中。 (路径必须是 C:\OpenSSL)。不要移动任何文件夹内容,只需将它们提取到文件夹中即可。
  4. 您已准备好使用 OpenSSL。对于没有安装权限的 Windows 用户来说,这是一个很好的解决方法,因为它不需要任何权限。只需双击运行之前的 bat 文件即可。

This workaround helped us so much at my job (Tech Support), we made a simple batch file we could run from anywhere (We didnt have the permissions to install it). This workaround will set the variable and then run OpenSSL for you. It also opens up the bin folder for you (cause this is where any files you create or modify will be saved). Also, this is only for Windows.

How to Set Up:

  1. Download the OpenSSL binaries here. (Note that this is confirmed to work with version 0.9.8h.)

  2. Copy this code to a file named StartOpenSSL.bat. Save this to a location of your choice. It can be run from anywhere.

    @echo off
title OpenSSL

cd\openssl\bin

if exist "C:\openssl\share\openssl.cnf" (

set OPENSSL_CONF=c:/openssl/share/openssl.cnf
start explorer.exe c:\openssl\bin

echo Welcome to OpenSSL

openssl

) else (

echo Error: openssl.cnf was not found
echo File openssl.cnf needs to be present in c:\openssl\share
pause

)

exit
  3. Once you have downloaded the OpenSSL binaries, extract them to your C drive in a folder titled OpenSSL. (The path needs to be C:\OpenSSL). Do not move any of the folders contents around, just extract them to the folder.
  4. You are ready to use OpenSSL. This is a great workaround for Windows users who dont have the privileges to install it as it requires no permissions. Just run the bat file from earlier by double clicking it.
回复 原文
夏末 2024-12-11 06:43:08

如果您看到类似的错误

第 -1 行 c:apacheconfopenssl.cnf 出现错误

尝试在 -config 中从反斜杠更改为前斜杠。

If you are seeing an error something like

error on line -1 c:apacheconfopenssl.cnf

try changing from back slash to front slash in the -config.

回复 原文
℉服软 2024-12-11 06:43:08

以管理员身份运行该命令,并将配置文件复制到您有读取权限的位置,并使用 -config 参数指定路径。

Run the command as administrator and copy the config file to somewhere where you have read rights and specify the path with the -config parameter.

回复 原文
空城之時有危險 2024-12-11 06:43:08

我知道这已经很旧了——但认为其他人(并使用 Visual Studio)可能会受益。我在另一篇文章中读到过这篇文章,我似乎找不到。

在记事本++中打开您的配置并确保其编码是UTF-8(即不是UTF-8-BOM*)。

这会让我省去很多搜索/尝试的错误......

I know this is old -- but thought others that happen on this (and use Visual Studio) might benefit. I read this on another post that I can't seem to find.

Open your config in notepad++ and make sure it's Encoding is UTF-8 (i.e., not UTF-8-BOM*).

This would have save me a lot of searching/trial'n'errors...

回复 原文
淡紫姑娘! 2024-12-11 06:43:08

我知道这个问题很老了,但这就是我解决它的方法。

我将 openssl.cnf 文件从 bin 目录复制到父目录,即 C:/Openssl/openssl.cnf 而不是 >C:/Openssl/bin/openssl.cnf 并且工作正常。

I know this question is old but here is how I solved it.

I copied the openssl.cnf file from the bin directory to the parent directory which is C:/Openssl/openssl.cnf instead of C:/Openssl/bin/openssl.cnf and worked fine.

回复 原文
杯别 2024-12-11 06:43:08

我也面临着同样的问题。以下是解决该问题的步骤。

  1. 检查你的 openssl 版本

openssl版本

  1. 如果您的版本低于

OpenSSL 1.1.1h 2020 年 9 月 22 日

  1. 转到下面的链接并下载最新完整版本的 openssl。
    openssl windows 安装程序
  2. 安装后在系统路径中的“PATH”变量顶部添加 openssl 路径。
  3. 通过打开新的命令提示符并运行步骤 1 中的命令来确认您的版本是最新的。
  4. 现在您已准备好再次运行该命令,这次它将起作用。

I was also facing same issue. Below are the steps to resolve it.

  1. check your openssl version

openssl version

  1. If your version is below

OpenSSL 1.1.1h 22 Sep 2020

  1. go to below link and download latest full version of openssl.
    openssl windows installer
  2. After installation add openssl path at the top of 'PATH' variable in system path.
  3. confirm your version is latest by opening new command prompt and running command in step 1
  4. Now you're ready to run the command again and this time it will work.
回复 原文
时光匆匆的小流年 2024-12-11 06:43:08

以管理员身份打开 Windows PowerShell 并添加以下行:

$env:OPENSSL_CONF = ''

如果您的 IDE 仍然遇到问题,请打开终端并添加同一行。我已经尝试了一切,但这个方法对我来说效果很好。

Open Windows PowerShell as an administrator and add the following line:

$env:OPENSSL_CONF = ''

If you still encounter the problem with your IDE, open the terminal and add the same line. I've tried everything, but this method works fine for me.

回复 原文
~没有更多了~

关于作者

眉黛浅

暂无简介

0 文章
0 评论
676 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

已经忘了多久

文章 0 评论 0

15867725375

文章 0 评论 0

LonelySnow

文章 0 评论 0

走过海棠暮

文章 0 评论 0

轻许诺言

文章 0 评论 0

信馬由缰

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文