Re: Issues creating Certificate Authority
OK, installed 0.9.7e and the openssl.cnf file to the right location. Was then able to create the certificate authority. However, the next step, creating the SSL key for apache, met with the following error:

    [EMAIL PROTECTED]:/etc/ssl# openssl req -new -config ./openssl.cnf -nodes -out ./apache-req.pem -keyout ./apache-key.pem
    Using configuration from ./openssl.cnf
    error on line 1074095624 of ./openssl.cnf
    297:error:02001002:system library:fopen:No such file or directory:bss_file.c:104:fopen('./openssl.cnf','rb')
    297:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:106:
    297:error:0E064002:configuration file routines:CONF_load:system lib:conf_lib.c:91:

Ideas?

It can't find ./openssl.cnf?

I suggest you dump all these cookbook recipes and stick to something like:

    CA.pl -newca (this creates root CA)
    CA.pl -newreq (creates a certificate request)
    CA.pl -sign (signs request).

After running those the private key is in newreq.pem, the certificate in newcert.pem and the CA certificate in demoCA/cacert.pem and you can copy them to wherever is appropriate.

Steve.

OK, thanks. However, I'm clueless about how to execute the above commands. "CA.pl" is an unknown command to my system, and openssl req doesn't list it as an option. What specifically am I missing about your suggestion?

- Dan O'Brien

__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]

Re: Issues creating Certificate Authority
On Nov 23, 2004, at 1:59 PM, Charles B Cranston wrote:

It's possible from what you describe that it was a hanging alias, that is, a symbolic link pointing to a file that does not actually exist. This looks like a file initially but gets a "file does not exist" when you try to actually use it...

Dan O'Brien wrote:

On Nov 22, 2004, at 1:41 PM, Dr. Stephen Henson wrote:

On Mon, Nov 22, 2004, Dan O'Brien wrote:

Searched for openssl.cnf and it is on the system:

    [EMAIL PROTECTED]:/etc/ssl# locate openssl.cnf
    /usr/lib/ssl/openssl.cnf

Is this a clue to the problem?

Might be :-) Depends what's in that file. Does it contain a line with:

    [distinguished_name]

on it? Does it have world read permissions? What happens if you include the command line switch:

    -config /usr/lib/ssl/openssl.cnf

to the req command that was failing before?

Progress! It appears that although "locate" indicated the presence of the openssl.cnf file...

(as in:

    [EMAIL PROTECTED]:~$ locate openssl.cnf
    /usr/lib/ssl/openssl.cnf

)

...when I vi'd it as root, the file was blank, and vi indicated that it was making a new file. Adding the -config /usr/lib/ssl/openssl.cnf switch yielded this:

    [EMAIL PROTECTED]:~# openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 7000 -config /usr/lib/ssl/openssl.cnf
    Using configuration from /usr/lib/ssl/openssl.cnf
    error on line 1074095624 of /usr/lib/ssl/openssl.cnf
    1708:error:02001002:system library:fopen:No such file or directory:bss_file.c:104:fopen('/usr/lib/ssl/openssl.cnf','rb')
    1708:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:106:
    1708:error:0E064002:configuration file routines:CONF_load:system lib:conf_lib.c:91:

Changing directories and listing showed this:

    [EMAIL PROTECTED]:/usr/lib/ssl# ls
    certs lib misc openssl.cnf private

...wherein openssl.cnf was displayed in red text set against a black selection rectangle -- what does this indicate? In any case, all signs pointed to a malfunctioning file, so I rm'd it. You previously suggested that I unpack one from another installation. Unless you have a better idea, I believe the next move will be to try to install 0.9.7e.

- Dan O'Brien

OK, installed 0.9.7e and the openssl.cnf file to the right location. Was then able to create the certificate authority. However, the next step, creating the SSL key for apache, met with the following error:

    [EMAIL PROTECTED]:/etc/ssl# openssl req -new -config ./openssl.cnf -nodes -out ./apache-req.pem -keyout ./apache-key.pem
    Using configuration from ./openssl.cnf
    error on line 1074095624 of ./openssl.cnf
    297:error:02001002:system library:fopen:No such file or directory:bss_file.c:104:fopen('./openssl.cnf','rb')
    297:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:106:
    297:error:0E064002:configuration file routines:CONF_load:system lib:conf_lib.c:91:

Ideas?

- Dan O'Brien

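The checks raised in this thread (is the path a hanging symbolic link, does the file exist, is it readable and non-empty, and does it define the section that `distinguished_name` points to) can be scripted. This is an added example, not part of the original messages or of OpenSSL's tooling; the helper names `check_openssl_cnf` and `make_samples`, the result words and the sample files are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: diagnose why `openssl req` cannot use a config file.
# check_openssl_cnf (hypothetical helper) prints exactly one word:
#   dangling-symlink | missing | not-regular | unreadable | empty |
#   no-req-dn | no-dn-section | ok
check_openssl_cnf() {
    cnf=$1
    # A symlink whose target is gone is still listed by `ls` and `locate`,
    # but fopen() on it fails with "No such file or directory".
    if [ -L "$cnf" ] && [ ! -e "$cnf" ]; then
        echo dangling-symlink; return 1
    fi
    [ -e "$cnf" ] || { echo missing; return 1; }
    [ -f "$cnf" ] || { echo not-regular; return 1; }
    [ -r "$cnf" ] || { echo unreadable; return 1; }
    [ -s "$cnf" ] || { echo empty; return 1; }

    # Which section does [ req ] name as its distinguished_name?
    dn=$(awk '
        /^[ \t]*\[/ {
            s = $0
            sub(/^[ \t]*\[[ \t]*/, "", s); sub(/[ \t]*\].*$/, "", s)
            insec = (s == "req"); next
        }
        insec && /^[ \t]*distinguished_name[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]*(#.*)?$/, "", v)
            print v; exit
        }' "$cnf")
    # Without it, req reports: unable to find 'distinguished_name' in config
    [ -n "$dn" ] || { echo no-req-dn; return 1; }

    # The section it names must itself be present in the file.
    if awk -v want="$dn" '
        /^[ \t]*\[/ {
            s = $0
            sub(/^[ \t]*\[[ \t]*/, "", s); sub(/[ \t]*\].*$/, "", s)
            if (s == want) found = 1
        }
        END { exit !found }' "$cnf"; then
        echo ok
    else
        echo no-dn-section; return 1
    fi
}

# Constructed sample files reproducing the states discussed in the thread.
make_samples() {
    d=$1
    printf '[ req ]\ndistinguished_name = req_distinguished_name\n\n[ req_distinguished_name ]\ncommonName = Common Name\n' > "$d/good.cnf"
    printf '[ req ]\ndistinguished_name = req_distinguished_name\n' > "$d/nosection.cnf"
    : > "$d/empty.cnf"                     # blank file
    ln -s "$d/gone.cnf" "$d/dangling.cnf"  # link to a target that does not exist
}

# Usage: sh check_cnf.sh /usr/lib/ssl/openssl.cnf
[ "$#" -eq 0 ] || check_openssl_cnf "$1"
```

Run it against the same path that `openssl req` prints after "Using configuration from", or against the file passed with `-config`.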
Re: Issues creating Certificate Authority
On Nov 22, 2004, at 1:41 PM, Dr. Stephen Henson wrote:

On Mon, Nov 22, 2004, Dan O'Brien wrote:

Searched for openssl.cnf and it is on the system:

    [EMAIL PROTECTED]:/etc/ssl# locate openssl.cnf
    /usr/lib/ssl/openssl.cnf

Is this a clue to the problem?

Might be :-) Depends what's in that file. Does it contain a line with:

    [distinguished_name]

on it? Does it have world read permissions? What happens if you include the command line switch:

    -config /usr/lib/ssl/openssl.cnf

to the req command that was failing before?

Progress! It appears that although "locate" indicated the presence of the openssl.cnf file...

(as in:

    [EMAIL PROTECTED]:~$ locate openssl.cnf
    /usr/lib/ssl/openssl.cnf

)

...when I vi'd it as root, the file was blank, and vi indicated that it was making a new file. Adding the -config /usr/lib/ssl/openssl.cnf switch yielded this:

    [EMAIL PROTECTED]:~# openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 7000 -config /usr/lib/ssl/openssl.cnf
    Using configuration from /usr/lib/ssl/openssl.cnf
    error on line 1074095624 of /usr/lib/ssl/openssl.cnf
    1708:error:02001002:system library:fopen:No such file or directory:bss_file.c:104:fopen('/usr/lib/ssl/openssl.cnf','rb')
    1708:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:106:
    1708:error:0E064002:configuration file routines:CONF_load:system lib:conf_lib.c:91:

Changing directories and listing showed this:

    [EMAIL PROTECTED]:/usr/lib/ssl# ls
    certs lib misc openssl.cnf private

...wherein openssl.cnf was displayed in red text set against a black selection rectangle -- what does this indicate? In any case, all signs pointed to a malfunctioning file, so I rm'd it. You previously suggested that I unpack one from another installation. Unless you have a better idea, I believe the next move will be to try to install 0.9.7e.

- Dan O'Brien

Re: Issues creating Certificate Authority
On Nov 18, 2004, at 1:27 PM, Dr. Stephen Henson wrote:

On Thu, Nov 18, 2004, Dan O'Brien wrote:

It's old, but it's the latest in "Debian Stable:"

    [EMAIL PROTECTED]:~# openssl version -a
    OpenSSL 0.9.6c 21 dec 2001
    built on: Wed Mar 3 19:09:47 UTC 2004
    platform: debian-i386
    options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) blowfish(idx)
    compiler: gcc -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DNO_IDEA -DNO_MDC2 -DNO_RC5 -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall

I'd advise you to use a newer version, that's ancient and has a number of problems.

Failing that look for a file called 'openssl.cnf' on your system. It could be in /usr/local/ssl/openssl.cnf but if they've used different compilation options it may be elsewhere. If it's not on your system at all that's the problem. If it isn't present then download OpenSSL and extract openssl.cnf from there.

Steve.

Searched for openssl.cnf and it is on the system:

    [EMAIL PROTECTED]:/etc/ssl# locate openssl.cnf
    /usr/lib/ssl/openssl.cnf

Is this a clue to the problem?

We're running openssl as part of the Debian apache-ssl package. Successfully removed openssl 0.9.6 using the standard apt-get remove Debian tool, but unexpectedly uninstalled apache as well. Will an installation of openssl 0.9.7e overwrite the existing version? How do we install the new version of openssl without disrupting apache? Optionally, should we skip the apt-get, uninstall everything, and re-install manually?

Re: Issues creating Certificate Authority
On Nov 18, 2004, at 12:58 PM, Dr. Stephen Henson wrote:

On Thu, Nov 18, 2004, Dan O'Brien wrote:

On Nov 18, 2004, at 11:48 AM, Dr. Stephen Henson wrote:

On Thu, Nov 18, 2004, Dan O'Brien wrote:

On Nov 17, 2004, at 7:49 PM, Dr. Stephen Henson wrote:

On Wed, Nov 17, 2004, Dan O'Brien wrote:

Hi Steve, thanks for the response. We did not get this error (or if we have, we haven't seen it):

    Using configuration from /some/path/openssl.cnf
    Unable to load config info

But we did get this error upon attempting to make a CA:

    unable to find 'distinguished_name' in config
    problems making Certificate Request

OK, try repeating the command with the -verbose command line option. It should then tell you where it's getting its configuration from. Check if the file exists, is readable or is obviously broken. If it contains no line with this in it:

    [distinguished_name]

then that counts as broken :-)

OK -- the "-v" option is unknown to the "req" command, as in:

    [EMAIL PROTECTED]:~# openssl req -v -new -x509 -keyout private/cakey.pem -out cacert.pem -days 7000

I said use the -verbose option not -v as in:

    openssl req -verbose -new -x509 -keyout private/cakey.pem -out cacert.pem -days 7000

Steve.

We did attempt that previously, with the same result (sorry we didn't post this earlier):

    [EMAIL PROTECTED]:~# openssl req -verbose -new -x509 -keyout private/cakey.pem -out cacert.pem -days 7000
    unknown option -verbose
    req [options] outfile
    where options are
     -inform arg    input format - DER or PEM
     -outform arg   output format - DER or PEM
     -in arg        input file
     -out arg       output file
     -text          text form of request
     -noout         do not output REQ
     -verify        verify signature on REQ
     -modulus       RSA modulus
     -nodes         don't encrypt the output key
     -key file      use the private key contained in file
     -keyform arg   key file format
     -keyout arg    file to send the key to
     -rand file:file:...
                    load the file (or the files in the directory) into the random number generator
     -newkey rsa:bits generate a new RSA key of 'bits' in size
     -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'
     -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)
     -config file   request template file.
     -new           new request.
     -x509          output a x509 structure instead of a cert. req.
     -days          number of days a x509 generated by -x509 is valid for.
     -newhdr        output "NEW" in the header lines
     -asn1-kludge   Output the 'request' in a format that is wrong but some CA's have been reported as requiring
     -extensions .. specify certificate extension section (override value in config file)
     -reqexts ..    specify request extension section (override value in config file)

What version of OpenSSL are you using (openssl version -a)?

Steve.

It's old, but it's the latest in "Debian Stable:"

    [EMAIL PROTECTED]:~# openssl version -a
    OpenSSL 0.9.6c 21 dec 2001
    built on: Wed Mar 3 19:09:47 UTC 2004
    platform: debian-i386
    options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) blowfish(idx)
    compiler: gcc -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DNO_IDEA -DNO_MDC2 -DNO_RC5 -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall

Re: Issues creating Certificate Authority
On Nov 18, 2004, at 11:48 AM, Dr. Stephen Henson wrote:

On Thu, Nov 18, 2004, Dan O'Brien wrote:

On Nov 17, 2004, at 7:49 PM, Dr. Stephen Henson wrote:

On Wed, Nov 17, 2004, Dan O'Brien wrote:

Hi Steve, thanks for the response. We did not get this error (or if we have, we haven't seen it):

    Using configuration from /some/path/openssl.cnf
    Unable to load config info

But we did get this error upon attempting to make a CA:

    unable to find 'distinguished_name' in config
    problems making Certificate Request

OK, try repeating the command with the -verbose command line option. It should then tell you where it's getting its configuration from. Check if the file exists, is readable or is obviously broken. If it contains no line with this in it:

    [distinguished_name]

then that counts as broken :-)

OK -- the "-v" option is unknown to the "req" command, as in:

    [EMAIL PROTECTED]:~# openssl req -v -new -x509 -keyout private/cakey.pem -out cacert.pem -days 7000

I said use the -verbose option not -v as in:

    openssl req -verbose -new -x509 -keyout private/cakey.pem -out cacert.pem -days 7000

Steve.

We did attempt that previously, with the same result (sorry we didn't post this earlier):

    [EMAIL PROTECTED]:~# openssl req -verbose -new -x509 -keyout private/cakey.pem -out cacert.pem -days 7000
    unknown option -verbose
    req [options] outfile
    where options are
     -inform arg    input format - DER or PEM
     -outform arg   output format - DER or PEM
     -in arg        input file
     -out arg       output file
     -text          text form of request
     -noout         do not output REQ
     -verify        verify signature on REQ
     -modulus       RSA modulus
     -nodes         don't encrypt the output key
     -key file      use the private key contained in file
     -keyform arg   key file format
     -keyout arg    file to send the key to
     -rand file:file:...
                    load the file (or the files in the directory) into the random number generator
     -newkey rsa:bits generate a new RSA key of 'bits' in size
     -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'
     -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)
     -config file   request template file.
     -new           new request.
     -x509          output a x509 structure instead of a cert. req.
     -days          number of days a x509 generated by -x509 is valid for.
     -newhdr        output "NEW" in the header lines
     -asn1-kludge   Output the 'request' in a format that is wrong but some CA's have been reported as requiring
     -extensions .. specify certificate extension section (override value in config file)
     -reqexts ..    specify request extension section (override value in config file)

- Dan O'Brien

Re: Issues creating Certificate Authority
On Nov 17, 2004, at 7:49 PM, Dr. Stephen Henson wrote:

On Wed, Nov 17, 2004, Dan O'Brien wrote:

Hi Steve, thanks for the response. We did not get this error (or if we have, we haven't seen it):

    Using configuration from /some/path/openssl.cnf
    Unable to load config info

But we did get this error upon attempting to make a CA:

    unable to find 'distinguished_name' in config
    problems making Certificate Request

OK, try repeating the command with the -verbose command line option. It should then tell you where it's getting its configuration from. Check if the file exists, is readable or is obviously broken. If it contains no line with this in it:

    [distinguished_name]

then that counts as broken :-)

OK -- the "-v" option is unknown to the "req" command, as in:

    [EMAIL PROTECTED]:~# openssl req -v -new -x509 -keyout private/cakey.pem -out cacert.pem -days 7000
    unknown option -v
    req [options] outfile
    where options are
     -inform arg    input format - DER or PEM
     -outform arg   output format - DER or PEM
     -in arg        input file
     -out arg       output file
     -text          text form of request
     -noout         do not output REQ
     -verify        verify signature on REQ
     -modulus       RSA modulus
     -nodes         don't encrypt the output key
     -key file      use the private key contained in file
     -keyform arg   key file format
     -keyout arg    file to send the key to
     -rand file:file:...
                    load the file (or the files in the directory) into the random number generator
     -newkey rsa:bits generate a new RSA key of 'bits' in size
     -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'
     -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)
     -config file   request template file.
     -new           new request.
     -x509          output a x509 structure instead of a cert. req.
     -days          number of days a x509 generated by -x509 is valid for.
     -newhdr        output "NEW" in the header lines
     -asn1-kludge   Output the 'request' in a format that is wrong but some CA's have been reported as requiring
     -extensions .. specify certificate extension section (override value in config file)
     -reqexts ..    specify request extension section (override value in config file)

What are we missing here?

- Dan O'Brien

Re: Issues creating Certificate Authority
On Nov 17, 2004, at 1:01 PM, Dr. Stephen Henson wrote:

On Wed, Nov 17, 2004, Dan O'Brien wrote:

Hi,

We're trying to generate a Certificate Authority on our Debian/Apachessl server. Here's the command we're entering:

    openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 7000

The above command kicks back the following error:

    unable to find 'distinguished_name' in config
    problems making Certificate Request
    290:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:

We checked the openssl FAQ and discovered this:

+

DIAGNOSTICS

The following messages are frequently asked about:

    Using configuration from /some/path/openssl.cnf
    Unable to load config info

This is followed some time later by...

    unable to find 'distinguished_name' in config
    problems making Certificate Request

The first error message is the clue: it can't find the configuration file! Certain operations (like examining a certificate request) don't need a configuration file so its use isn't enforced. Generation of certificates or requests however does need a configuration file. This could be regarded as a bug.

Another puzzling message is this:

    Attributes:
        a0:00

this is displayed when no attributes are present and the request includes the correct empty SET OF structure (the DER encoding of which is 0xa0 0x00). If you just see:

    Attributes:

then the SET OF is missing and the encoding is technically invalid (but it is tolerated). See the description of the command line option -asn1-kludge for more information.

+

We then followed the lead to this info about -asn1-kludge:

The lead isn't asn1-kludge, that's something entirely different. The hint is the bit where it talks about being unable to find the configuration file.

Do you get an error about being unable to find the configuration file before the one you mentioned?

Steve.

--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk

Hi Steve, thanks for the response. We did not get this error (or if we have, we haven't seen it):

    Using configuration from /some/path/openssl.cnf
    Unable to load config info

But we did get this error upon attempting to make a CA:

    unable to find 'distinguished_name' in config
    problems making Certificate Request

- Dan O'Brien

Issues creating Certificate Authority
Hi,

We're trying to generate a Certificate Authority on our Debian/Apachessl server. Here's the command we're entering:

    openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 7000

The above command kicks back the following error:

    unable to find 'distinguished_name' in config
    problems making Certificate Request
    290:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:

We checked the openssl FAQ and discovered this:

+

DIAGNOSTICS

The following messages are frequently asked about:

    Using configuration from /some/path/openssl.cnf
    Unable to load config info

This is followed some time later by...

    unable to find 'distinguished_name' in config
    problems making Certificate Request

The first error message is the clue: it can't find the configuration file! Certain operations (like examining a certificate request) don't need a configuration file so its use isn't enforced. Generation of certificates or requests however does need a configuration file. This could be regarded as a bug.

Another puzzling message is this:

    Attributes:
        a0:00

this is displayed when no attributes are present and the request includes the correct empty SET OF structure (the DER encoding of which is 0xa0 0x00). If you just see:

    Attributes:

then the SET OF is missing and the encoding is technically invalid (but it is tolerated). See the description of the command line option -asn1-kludge for more information.

+

We then followed the lead to this info about -asn1-kludge:

+

asn1-kludge

by default the req command outputs certificate requests containing no attributes in the correct PKCS#10 format. However certain CAs will only accept requests containing no attributes in an invalid form: this option produces this invalid format.

More precisely the Attributes in a PKCS#10 certificate request are defined as a SET OF Attribute. They are not OPTIONAL so if no attributes are present then they should be encoded as an empty SET OF. The invalid form does not include the empty SET OF whereas the correct form does.

It should be noted that very few CAs still require the use of this option.

+

We then attempted to add the -asn1-kludge command to our req line in the following manner:

    [EMAIL PROTECTED]:/etc/ssl# openssl req -asn1-kludge -new -x509 -keyout private/cakey.pem -out cacert.pem -days 7000

And we received the same result as before:

    unable to find 'distinguished_name' in config
    problems making Certificate Request
    302:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:

Any ideas?

TIA,

Dan O'Brien

Re: CSR generation not happy
Hi Tyler, thanks for the response. We're trying to generate a certificate request so that we can get a new certificate. Any ideas?

On Oct 26, 2004, at 7:04 AM, Tyler Durden wrote:

Sorry, I know a lot, but what do you want to get? A certificate or a certificate request, because I think that this command (openssl req) generates a certificate request.

On Fri, 22 Oct 2004 11:53:44 -0400, Dan O'Brien <[EMAIL PROTECTED]> wrote:

Hi,

We're having some trouble generating a public.csr, so that we can install an SSL Certificate on our web server. Verisign has no suggestions. We've googled the error below with no results. Anyone have any ideas?

Here's the command and the error result:

    [EMAIL PROTECTED]:/usr/lib/ssl/certs# openssl req -new -nodes -keyout private.key -out public.csr
    Using configuration from /usr/lib/ssl/openssl.cnf
    Unable to load config info
    Generating a 512 bit RSA private key
    ... ..
    writing new private key to 'private.key'
    -
    unable to find 'distinguished_name' in config
    problems making Certificate Request
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:

TIA for any assistance,

Dan O'Brien

CSR generation not happy
Hi,

We're having some trouble generating a public.csr, so that we can install an SSL Certificate on our web server. Verisign has no suggestions. We've googled the error below with no results. Anyone have any ideas?

Here's the command and the error result:

    [EMAIL PROTECTED]:/usr/lib/ssl/certs# openssl req -new -nodes -keyout private.key -out public.csr
    Using configuration from /usr/lib/ssl/openssl.cnf
    Unable to load config info
    Generating a 512 bit RSA private key
    ... ..
    writing new private key to 'private.key'
    -
    unable to find 'distinguished_name' in config
    problems making Certificate Request
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:
    5012:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:343:

TIA for any assistance,

Dan O'Brien