Collections:
Other Resources:
OpenSSL "ca" Error "lookup failed for ca::serial"
Why I am getting the "variable lookup failed for ca::serial" error when running OpenSSL "ca" command?
✍: FYIcenter.com
You are getting the "variable lookup failed for ca::serial" error, because OpenSSL "ca" command can not find the required "serial" option in the configuration file.
For example, if you have the follow configuration file, test.cnf, without "serial" option defined:
# Unnamed section of generic options # section for the "default_ca" option [ca] default_ca = my_ca_default # default section for "ca" command options [my_ca_default] new_certs_dir = ./my_ca/certs database = ./my_ca/certs.db default_md = md5 policy = my_ca_policy
You will get an error, because "serial" is a required option:
C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe OpenSSL> ca -in test.csr -keyfile my_ca.key -cert my_ca.crt -config test.cnf Using configuration from test.cnf Enter pass phrase for my_ca.key:fyicenter variable lookup failed for my_ca_default::serial 5816:error:02001002:system library:fopen:No such file or directory: .\crypto\bio\bss_file.c:175:fopen('./my_ca/certs.db.attr','rb') 5816:error:2006D080:BIO routines:BIO_new_file:no such file:.\crypto\bio\bss_file.c:178: 5816:error:0E078072:configuration file routines:DEF_LOAD:no such file: .\crypto\conf\conf_def.c:195: 5816:error:0E06D06C:configuration file routines:NCONF_get_string:no value: .\crypto\conf\conf_lib.c:324:group=my_ca_default name=email_in_dn 5816:error:0E06D06C:configuration file routines:NCONF_get_string:no value: .\crypto\conf\conf_lib.c:324:group=my_ca_default name=serial error in ca
Fixing this error is easy. Just add the "serial" option in the section pointed by the "default_ca" option in the configuration file:
# Unnamed section of generic options # section for the "default_ca" option [ca] default_ca = my_ca_default # default section for "ca" command options [my_ca_default] new_certs_dir = ./my_ca/certs database = ./my_ca/certs.db default_md = md5 policy = my_ca_policy serial = ./my_ca/certs.seq
Remember to create .\my_ca\certs.seq file with "10", if it does not exist. The serial number file holds the serial number for the next new certificate.
⇒ OpenSSL "ca" Error "cannot lookup how many days ..."
2016-09-08, 9371🔥, 0💬
Popular Posts:
Where are private keys are stored on my Windows system? I want to know where are my private keys cre...
Why I am getting the "This Connection is Untrusted" error screen in Mozilla Firefox 9? You will see ...
How to generate a new private key with a public key and generate a CSR (Certificate Signing Request)...
Certificate Summary: Subject: OneLogin Account 98624 Issuer: OneLogin Account 98624 Expiration: 2020...
Certificate summary - Owner: *.mercadolivre.com.br, IT, MERCADOLIBRE S.R.L, L=Ciudad Autonoma de Bue...