0

I'm trying to figure out how to generate a CSR so I can generate and install a SSL cert.

Here's a link to what I've what tried. Granted that post was for m0n0wall, but I figured openssl is openssl.

Heres where I get stuck.

When I run this:

/usr/bin/openssl req -new -key mykey.key -out mycsr.csr -config /usr/local/ssl/openssl.cnf

I get this:

error on line -1 of /usr/local/ssl/openssl.cnf
54934:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:122:fopen('/usr/local/ssl/openssl.cnf','rb')
54934:error:2006D080:BIO routines:BIO_new_file:no such file:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:125:
54934:error:0E078072:configuration file routines:DEF_LOAD:no such file:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_def.c:197:
Josh
  • 9,001
  • 27
  • 78
  • 124
ErnieTheGeek
  • 2,027
  • 16
  • 22
  • I have a feeling that the error has something to do with the "no such file" part of the error that gets repeated a couple times, I'm just not sure how to troubleshoot it. – ErnieTheGeek Jan 12 '11 at 14:49
  • Ernie: I've tried to edit the formatting so we can better read the error messages, but I have a bad feeling some of the formatting has still been lost. Could you check and maybe improve it further, so we can see what you saw, CRs and all? – MadHatter Jan 12 '11 at 14:52
  • Also, can you confirm that /usr/local/ssl/openssl.cnf exists? – MadHatter Jan 12 '11 at 14:54
  • All of the info is there, its a bit out of order. I'll try and correct it in a sec. And no, that file doesn't exist. I don't have a /usr/local/ssl directory listed there. – ErnieTheGeek Jan 12 '11 at 14:59
  • Ok, thats what I see when I run that command. – ErnieTheGeek Jan 12 '11 at 15:02

1 Answers1

1

The first two lines are complaining about the absence of openssl.cnf. My openssl, which works fine, does the same thing when I point it at a non-existent config file. Could you try again without the -config stuff, and see how it goes?

MadHatter
  • 78,442
  • 20
  • 178
  • 229
  • Looks like that may have done it. I'll apply for the cert now and let you know shortly. – ErnieTheGeek Jan 12 '11 at 15:20
  • 1
    Side note, this did resolve it. Box ran great until last week, the PFSense appliance overheated and literally melted the case and partially deformed the linux server mounted on the rack beneath it. – ErnieTheGeek Aug 23 '17 at 15:31
  • 1
    Feedback after *six years* - seriously, *thank you* for remembering to come and let us know how it worked out after all that time! My commiserations on the recent loss of your server(s), though :-( – MadHatter Aug 23 '17 at 16:10