windows OpenSSL 和读取 openssl.conf 文件时出错
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/7360602/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
OpenSSL and error in reading openssl.conf file
提问by Sreeram
I am running windows xp 32bit
我正在运行 windows xp 32 位
I just downloaded Openssl from the following URL and installed it. http://www.slproweb.com/products/Win32OpenSSL.html
我刚刚从以下 URL 下载了 Openssl 并安装了它。 http://www.slproweb.com/products/Win32OpenSSL.html
and then i tried to create a self signed certificate by using the following command
然后我尝试使用以下命令创建自签名证书
openssl req -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem
then it started giving the following error
然后它开始给出以下错误
Unable to load config info from /usr/local/ssl/openssl.cnf
无法从 /usr/local/ssl/openssl.cnf 加载配置信息
Then after googling sometime i changed the above command to
然后在谷歌搜索之后我将上面的命令更改为
openssl req -config C:\OpenSSL\bin\openssl.conf -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem
But now i get the following error in the command prompt
但是现在我在命令提示符中收到以下错误
error on line -1 of C:\OpenSSL\bin\openssl.conf
4220:error:02001002:system library:fopen:No such file or directory:.\crypto\bio\bss_file.c:126:fopen('C:\OpenSSL\bin\openssl.conf','rb') 4220:error:2006D080:BIO routines:BIO_new_file:no such file:.\crypto\bio\bss_file.c:129:
4220:error:0E078072:configuration file routines:DEF_LOAD:no such file:.\crypto\conf\conf_def.c:197:
C:\OpenSSL\bin\openssl.conf 的第 -1 行错误
4220:error:02001002:system library:fopen:No such file or directory:.\crypto\bio\bss_file.c:126:fopen('C: \OpenSSL\bin\openssl.conf','rb') 4220:error:2006D080:BIOroutines:BIO_new_file:no such file:.\crypto\bio\bss_file.c:129:
4220:error:0E078072:configuration文件例程:DEF_LOAD: 没有这样的文件:.\crypto\conf\conf_def.c:197:
Please help. Thanks in advance.
请帮忙。提前致谢。
回答by dvtoever
On Windows you can also set the environment property OPENSSL_CONF. For example from the commandline you can type:
在 Windows 上,您还可以设置环境属性OPENSSL_CONF。例如,您可以从命令行输入:
set OPENSSL_CONF=c:/libs/openssl-0.9.8k/openssl.cnf
to validate it you can type:
要验证它,您可以键入:
echo %OPENSSL_CONF%
You can also set it as part of the computer's environmental variables so all users and services have it available by default. See, for example, Environment variables in Windows NTand How To Manage Environment Variables in Windows XP.
您还可以将其设置为计算机环境变量的一部分,以便默认情况下所有用户和服务都可以使用它。见,例如,在Windows NT环境变量和如何在Windows XP中管理环境变量。
Now you can run openssl commands without having to pass the config location parameter.
现在您可以运行 openssl 命令而无需传递配置位置参数。
回答by Nikl
Just add to your command line the parameter -config c:\your_openssl_path\openssl.cfg, changing your_openssl_pathto the real installed path.
只需在命令行中添加参数-config c:\your_openssl_path\openssl.cfg,更改your_openssl_path为实际安装路径即可。
回答by Sam
Just create an openssl.cnf file yourself like this in step 4: http://www.flatmtn.com/article/setting-openssl-create-certificates
只需在步骤 4 中自己创建一个 openssl.cnf 文件:http: //www.flatmtn.com/article/setting-openssl-create-certificates
Edit after link stopped workingThe content of the openssl.cnf file was the following:
链接停止工作后编辑openssl.cnf 文件的内容如下:
#
# OpenSSL configuration file.
#
# Establish working directory.
dir = .
[ ca ]
default_ca = CA_default
[ CA_default ]
serial = $dir/serial
database = $dir/certindex.txt
new_certs_dir = $dir/certs
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_days = 365
default_md = md5
preserve = no
email_in_dn = no
nameopt = default_ca
certopt = default_ca
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
default_bits = 1024 # Size of keys
default_keyfile = key.pem # name of generated keys
default_md = md5 # message digest algorithm
string_mask = nombstr # permitted characters
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
# Variable name Prompt string
#------------------------- ----------------------------------
0.organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
emailAddress = Email Address
emailAddress_max = 40
localityName = Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName = Common Name (hostname, IP, or your name)
commonName_max = 64
# Default values for the above, for consistency and less typing.
# Variable name Value
#------------------------ ------------------------------
0.organizationName_default = My Company
localityName_default = My Town
stateOrProvinceName_default = State or Providence
countryName_default = US
[ v3_ca ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
回答by Artur K?dzior
If you have installed Apache with OpenSSL navigate to bin directory. In my case D:\apache\bin.
如果您安装了带有 OpenSSL 的 Apache,请导航到 bin 目录。就我而言,D:\apache\bin。
*These commands also work if you have stand alone installation of openssl.
*如果您单独安装了 openssl,这些命令也有效。
Run these commands:
运行这些命令:
openssl req -config d:\apache\conf\openssl.cnf -new -out d:\apache\conf\server.csr -keyout d:\apache\conf\server.pem
openssl rsa -in d:\apache\conf\server.pem -out d:\apache\conf\server.key
openssl x509 -in d:\apache\conf\server.csr -out d:\apache\conf\server.crt -req -signkey d:\apache\conf\server.key -days 365
*This will create self-signed certificate that you can use for development purposes
*这将创建可用于开发目的的自签名证书
Again if you have Apache installed in the httpd.conf stick these:
同样,如果您在 httpd.conf 中安装了 Apache,请坚持这些:
<IfModule ssl_module>
SSLEngine on
SSLCertificateFile "D:/apache/conf/server.crt"
SSLCertificateKeyFile "D:/apache/conf/server.key"
</IfModule>
回答by Artur K?dzior
set OPENSSL_CONF=c:/{path to openSSL}/bin/openssl.cfg
take care of the right extension (openssl.cfgnot cnf)!
注意正确的扩展名(openssl.cfg不是 cnf)!
I have installed OpenSSL from here: http://slproweb.com/products/Win32OpenSSL.html
我已经从这里安装了 OpenSSL:http: //slproweb.com/products/Win32OpenSSL.html
回答by Serghei Grajdean
Just try to run openssl.exe as administrator.
只需尝试以管理员身份运行 openssl.exe 即可。
回答by Nic Cottrell
I just had a similar error using the openssl.exe from the Apache for windows bin folder. I had the -config flag specified by had a typo in the path of the openssl.cnf file. I think you'll find that
我刚刚使用 Apache for windows bin 文件夹中的 openssl.exe 遇到了类似的错误。我指定的 -config 标志在 openssl.cnf 文件的路径中有一个错字。我想你会发现
openssl req -config C:\OpenSSL\bin\openssl.conf -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem
should be
应该
openssl req -config "C:\OpenSSL\bin\openssl.cnf" -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem
Note: the confshould probably be cnf.
注意:conf应该是cnf。
回答by hermes101
If openssl installation was successfull, search for "OPENSSL" in c drive to locate the config file and set the path.
如果openssl安装成功,在c盘搜索“OPENSSL”找到配置文件并设置路径。
set OPENSSL_CONF=<location where cnf is available>/openssl.cnf
It worked out for me.
它对我有用。
回答by Rex Linder
This workaround helped us so much at my job (Tech Support), we made a simple batch file we could run from anywhere (We didnt have the permissions to install it). This workaround will set the variable and then run OpenSSL for you. It also opens up the bin folder for you (cause this is where any files you create or modify will be saved). Also, this is only for Windows.
这个解决方法在我的工作(技术支持)中对我们帮助很大,我们制作了一个简单的批处理文件,我们可以从任何地方运行(我们没有安装它的权限)。此解决方法将设置变量,然后为您运行 OpenSSL。它还会为您打开 bin 文件夹(因为这是您创建或修改的任何文件将被保存的地方)。此外,这仅适用于 Windows。
How to Set Up:
如何设置:
- Download the OpenSSL binaries here. (Note that this is confirmed to work with version 0.9.8h.)
Copy this code to a file named StartOpenSSL.bat. Save this to a location of your choice. It can be run from anywhere.
@echo off title OpenSSL cd\openssl\bin if exist "C:\openssl\share\openssl.cnf" ( set OPENSSL_CONF=c:/openssl/share/openssl.cnf start explorer.exe c:\openssl\bin echo Welcome to OpenSSL openssl ) else ( echo Error: openssl.cnf was not found echo File openssl.cnf needs to be present in c:\openssl\share pause ) exit- Once you have downloaded the OpenSSL binaries, extract them to your C drive in a folder titled OpenSSL. (The path needs to be C:\OpenSSL). Do not move any of the folders contents around, just extract them to the folder.
- You are ready to use OpenSSL. This is a great workaround for Windows users who dont have the privileges to install it as it requires no permissions. Just run the bat file from earlier by double clicking it.
- 在此处下载 OpenSSL 二进制文件。(请注意,这已确认适用于 0.9.8h 版。)
将此代码复制到名为 StartOpenSSL.bat 的文件中。将此保存到您选择的位置。它可以从任何地方运行。
@echo off title OpenSSL cd\openssl\bin if exist "C:\openssl\share\openssl.cnf" ( set OPENSSL_CONF=c:/openssl/share/openssl.cnf start explorer.exe c:\openssl\bin echo Welcome to OpenSSL openssl ) else ( echo Error: openssl.cnf was not found echo File openssl.cnf needs to be present in c:\openssl\share pause ) exit- 下载 OpenSSL 二进制文件后,将它们解压缩到 C 驱动器中名为 OpenSSL 的文件夹中。(路径需要是 C:\OpenSSL)。不要移动任何文件夹内容,只需将它们解压缩到文件夹中。
- 您已准备好使用 OpenSSL。对于没有权限安装它的 Windows 用户来说,这是一个很好的解决方法,因为它不需要权限。只需双击运行先前的 bat 文件即可。
回答by xgqfrms
https://github.com/xgqfrms-gildata/App001/issues/3
https://github.com/xgqfrms-gildata/App001/issues/3
- first, make sure you have an
openssl.cnffile in the right path; - if you can't find it, just downloadone and copy it to your setting path.
- 首先,确保您
openssl.cnf在正确的路径中有一个文件; - 如果找不到,只需下载一个并将其复制到您的设置路径即可。
$ echo %OPENSSL_CONF%
$ set OPENSSL_CONF=C:\OpenSSL\bin\openssl.cnf
