Error creating an SSL Certificate - ssl

During the creation of an SSL certificate this error occurs:
problem creating object tsa_policy1=1.2.3.4.1
13964:error:08064066:object identifier routines:OBJ_create:oid exists:crypto\objects\obj_dat.c:690:
error in req
This is what I've done
set RANDFILE=c:\certificate\.rnd
set OPENSSL_CONF=c:\OpenSSL-Win64\bin\openssl.cfg
C:\openssl-win64\bin\openssl.exe
genrsa -des3 -out server.key 1024
I've entered a passphrase and then:
req -new -key server.key -out server.csr
and then it shows me the error.
Can someone help me?

Figured it out. Don't install OpenSSL version 1.1.0

Try to upgrade OpenSSL version to 1.0.2o
Follow this guide: https://www.howtoforge.com/tutorial/how-to-install-openssl-from-source-on-linux/

Related

PFX import always gives Incorrect password error

I tried to generate a private key and certificate using OpenSSL v3.0.1 on x64 using the command:
"C:\Program Files\OpenSSL\bin\openssl.exe" req -x509 -sha256 -days 7300 -newkey rsa:2048 -keyout ProductPrivate.key -out ProductCertificate.crt
Then I try to package the key and certificate into a single PFX file using the command:
"C:\Program Files\OpenSSL\bin\openssl.exe" pkcs12 -export -out KeyPackage.pfx -inkey ProductPrivate.key -in ProductCertificate.crt -passout pass:superevil -passin pass:secret
Here is the actual screenshot; you can see that all steps complete successfully, and you can see the password I set it up with.
I verified that all three files are created:
Next I took the PFX and tried to import it into the certificate store of a couple of machines; however, everywhere I tried, I got the same incorrect-password error. I used these same instructions 5-6 years ago and everything worked, so I don't know what changed. Do you happen to know?
The screen below proves that I entered the right password for the PFX.
I found the answer: this is only an issue if I use OpenSSL v3.0.1. I tested the same steps against OpenSSL 1.1 and the import works.
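
Added example, not part of the original posts: OpenSSL 3.x writes PKCS#12 files with AES-256-CBC/PBKDF2 encryption and a SHA-256 MAC by default, and older Windows import code that cannot parse these reports the failure as an incorrect password. The script below exports with 3DES/SHA-1 parameters instead and reads back the algorithms in use; the key, certificate, file names and passwords are constructed for the demo.

```shell
#!/bin/sh
# Added illustration. Key, certificate, file names and passwords are
# constructed placeholders created in a throwaway directory.

# make_pair DIR: self-signed test certificate with an unencrypted key.
make_pair() {
    openssl req -x509 -sha256 -days 1 -newkey rsa:2048 -nodes \
        -subj "/CN=pfx-demo" -keyout "$1/demo.key" -out "$1/demo.crt" \
        2>/dev/null
}

# export_compat DIR PASS: write DIR/compat.pfx with PBE-SHA1-3DES for the
# key and certificate bags and a SHA-1 MAC, which older importers can read.
export_compat() {
    openssl pkcs12 -export -out "$1/compat.pfx" \
        -inkey "$1/demo.key" -in "$1/demo.crt" \
        -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -macalg sha1 \
        -passout "pass:$2"
}

# pfx_algorithms FILE PASS: print the MAC and encryption algorithms the
# file actually uses, without writing any key material.
pfx_algorithms() {
    openssl pkcs12 -info -noout -in "$1" -passin "pass:$2" 2>&1
}

# pfx_opens FILE PASS: succeed only if PASS verifies the file's MAC.
pfx_opens() {
    openssl pkcs12 -noout -in "$1" -passin "pass:$2" >/dev/null 2>&1
}

work=$(mktemp -d)
make_pair "$work"
export_compat "$work" "demo-export-pass"
pfx_algorithms "$work/compat.pfx" "demo-export-pass"
pfx_opens "$work/compat.pfx" "wrong-pass" || echo "wrong password rejected"
rm -rf "$work"
```

3DES and SHA-1 are weaker than the OpenSSL 3.x defaults, so keep this form for import targets that cannot read the newer format.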

Error during creation self-signed SSL with openSSL

I want to create a REST API with self-signed SSL. I installed OpenSSL and want to generate a key with this command:
openssl req -x509 -newkey rsa:4096 -nodes -out cert.pem -keyout key.pem -days 365
but I get an error.
Can't open "C:\Program Files\OpenSSL-Win64\bin openssl.cfg" for reading, No such file or directory
202E0000:error:80000002:system library:BIO_new_file:No such file or directory:crypto\bio\bss_file.c:67:calling fopen(C:\Program Files\OpenSSL-Win64\bin openssl.cfg, r)
202E0000:error:10000080:BIO routines:BIO_new_file:no such file:crypto\bio\bss_file.c:75:
I tried
set OPENSSL_CONF=C:\Program Files\OpenSSL-Win64\bin openssl.cfg
but it doesn't solve my problem.
If the openssl.cfg is in ....\bin then the setting should be set OPENSSL_CONF=C:\Program Files\OpenSSL-Win64\bin\openssl.cfg, i.e. the last space in your setting should instead be a \

How to create root certificate authority using CLI? [OSX]

Hello, I am trying to create a root certificate authority for my own MITM proxy. Based on another tutorial I have used the following commands.
Generate a private key
openssl genrsa -out cert.key 2048
Generate a certificate
openssl req -new -nodes -x509 -key cert.key -days 365 -out cert.crt
Now the problem is that when I try to add it to the keychain it shows Self Signed Root CA. What I have found is that other MITM proxies like Proxyman generate a cert that shows Root Certificate Authority. Here is a screenshot which illustrates my point.
I know I can make a certificate that shows Root Certificate Authority from Keychain Access > Certificate Assistant > Create a Certificate Authority.
However, my goal is to create the certificate programmatically so I can generate a certificate for other users easily.
Thanks
After some searching I found that the following command works. I don't know why it works; it would be helpful to know.
openssl req -x509 -new -nodes -key cert.key -subj "/CN=HELLO" -days 3650 -reqexts v3_req -extensions v3_ca -out ca.crt -config /usr/local/etc/openssl/openssl.cnf
It seems adding something related to v3_req fixes the issue.
Be sure to use the latest version of openssl. I used Homebrew to install openssl.
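
Added example, not from the original posts: in the stock openssl.cnf the v3_ca section sets basicConstraints to CA:TRUE, the X.509 extension that marks a certificate as a certificate authority, and `-extensions v3_ca` selects that section. The script writes its own minimal config so it does not depend on /usr/local/etc/openssl/openssl.cnf; the section contents, the v3_leaf section, file names and subjects are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration. The config below is a constructed minimal file, not
# the stock openssl.cnf; names and subjects are placeholders.

# write_config DIR: config with one CA section and one leaf section.
write_config() {
    cat > "$1/demo.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ v3_leaf ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
EOF
}

# make_cert DIR NAME SECTION: self-signed cert whose extensions come from
# SECTION, selected the same way as "-extensions v3_ca" in the post.
make_cert() {
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$1/$2.key" -subj "/CN=$2" \
        -days 30 -config "$1/demo.cnf" -extensions "$3" -out "$1/$2.crt"
}

# is_ca FILE: succeed only if the certificate asserts CA:TRUE.
is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

work=$(mktemp -d)
write_config "$work"
make_cert "$work" demo-ca v3_ca
make_cert "$work" demo-leaf v3_leaf
for c in demo-ca demo-leaf; do
    if is_ca "$work/$c.crt"; then echo "$c: CA:TRUE"; else echo "$c: not a CA"; fi
done
rm -rf "$work"
```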

Getting error "Error loading private server key"

So I was implementing rush in Orion Context Broker Server instance, and whenever I try to start the contextBroker with the following command:
contextBroker -rush localhost:1234 -https -key privkey.pem -cert cert.csr
I'm getting the following error:
E#18:16:11 loadFile[1101]: error opening 'privkey.pem': No such file or directory
X#18:16:11 main[1258]: Error loading private server key from 'privkey.pem'
I generated my private key with the following command, I don't know if it's correct:
openssl genrsa -des3 -out privkey.pem 2048
And I generated my certificate with the following command:
openssl req -new -key privkey.pem -out cert.csr
Am I doing something wrong?
You have to use absolute path names, i.e.:
contextBroker -rush localhost:1234 -https -key /path/to/privkey.pem -cert /path/to/cert.csr
A note has been added to the CLI commands documentation to make this clearer.
In addition, you may find useful the following script on how to generate the needed files:
...
openssl genrsa -out "$keyFileName" 1024 > /dev/null 2>&1
openssl req -days 365 -out "$certFileName" -new -x509 -key "$keyFileName" -subj "$OPTIONS" > /dev/null 2>&1

Error when creating HTTPs key and cert in prompt

Using Apache 2.2, SSL is configured. I am creating the key and temporary cert in command prompt. When I use
openssl genrsa -des3 -out server.key 1024
I am returned this output :
WARNING: can't open config file: z:/strawberry_libs/build/2013Q3_/ssl/openssl.cnf
error on line -1 of C:\Program Files\Apache Software Foundation\Apache2.2\conf\openssl.cnf
and then it creates the key.
So good and fine. The error is bothersome. Then I try to make the cert with
openssl req -new -key server.key -out server.csr
Now it shows an error and won't create it.
C:\temp>openssl req -new -key server.key -out server.csr
WARNING: can't open config file: z:/strawberry_libs/build/2013Q3/ssl/openssl.cnf
Unable to load config info from z:/strawberry_libs/build/2013Q3/ssl/openssl.cnf
Not exactly sure how to proceed at this point as I can't get past this step for my assignment without the certification. If there is another way, or a way to correct the error that would be great.