You have to specify a config file using the -config parameter of openssl. Even as "ca" "req" needs a configuration file to get specific information like keylength or the distinguishedName structure.
My experience is that openssl does not find the default config file so you have to set either the environment variable (don't know the correct name) or you have to take the parameter "-config <filenpath and name>". Regards > -----Ursprüngliche Nachricht----- > Von: Richard M. Hartman [mailto:[EMAIL PROTECTED] > Gesendet: Montag, 16. August 2004 22:27 > An: [EMAIL PROTECTED] > Betreff: Generating Test Certificates > > > > The HOWTO\certificates.txt says to generate the self-signed cert > with: > openssl req -new -x509 -key privkey.pem -out cacert.pem > -days 1095 > > I tried with both an RSA key and a DSA key. They each fail > in slightly > different ways, but both seem to be trying to get something from the > environment. > > C:\work\3rdparty\OpenSSL\openssl-0.9.7d>out32\openssl req -new -x509 > -key myrsakey.pem -out myrsacert.pem -days 1095 > Unable to load config info > unable to find 'distinguished_name' in config > problems making Certificate Request > 2660:error:0E06D06A:configuration file > routines:NCONF_get_string:no conf > or environment variable:.\crypto\conf\conf_lib.c:325: > > C:\work\3rdparty\OpenSSL\openssl-0.9.7d>out32\openssl req -new -x509 > -key mydsakey.pem -out mydsasert.pem -days 1095 > Unable to load config info > Loading 'screen' into random state - done > unable to find 'distinguished_name' in config > problems making Certificate Request > 1996:error:0E06D06A:configuration file > routines:NCONF_get_string:no conf > or environment variable:.\crypto\conf\conf_lib.c:325: > > I had no problems generating the keys with the command in > HOWTO\keys.txt. > > What is it that is missing from the environment? > > > As long as I'm at it ... what do I do with the > certificates once I have them? I am trying to > enable SSL communications on a Windows 2000 machine. > > -- > -Richard M. Hartman > [EMAIL PROTECTED] > > 186,000 mi/sec: not just a good idea, it's the LAW! > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
