I'm trying to install an SSL certificate on an EC2 Load Balancer. Following this guide: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html
- I have OpenSSL installed (in Windows)
- running command-prompt as admin
- I'm on the step "Before you use OpenSSL commands, you must configure the operating system so that it has information about the location of the OpenSSL install point."
set OpenSSL_HOME= C:\OpenSSL-Win32
set OpenSSL_CONFIG= C:\OpenSSL-Win32\bin\openssl.cfg
set Path=%Path%;%OpenSSL_HOME%\bin
- Does it matter what directory I'm "in" when I run those commands?
- The Amazon guide says to "set OpenSSL_CONFIG= …" but I've seen in multiple examples that it should be "set OpenSSL_CONF= …" so is it "CONFIG" or "CONF"?
- After that it says to:
openssl genrsa 2048 > your-private-key-filename.pem
- So, I CD to "C:\OpenSSL-Win32\bin" and then I run "openssl genrsa 2048 > new_key.pem"
- At this point 1 of 2 things happens.
- If I used "OpenSSL_CONFIG" like it says in the guide, then I get the warning: "WARNING: can't open config file: /usr/local/ssl/openssl.cnf" however the .pem file DOES get created anyways.
- If I used "OpenSSL_CONF" then I get the following error:
4848:error:0200107B:system library:fopen:Unknown error:.\crypto\bio\bss_file.c:169:fopen('C:\OpenSSL-Win32\bin\openssl.cfg','rb')
4848:error:2006D002:BIO routines:BIO_new_file:system lib:.\crypto\bio\bss_file.c:174:
4848:error:0E078002:configuration file routines:DEF_LOAD:system lib:.\crypto\conf\conf_def.c:199:
- Then I move on to the step to create a CSR, and I get a similar situation.
- If I used "OpenSSL_CONFIG" then I get this error:
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Unable to load config info from /usr/local/ssl/openssl.cnf
- If I used "OpenSSL_CONF" then I get this error:
4848:error:0200107B:system library:fopen:Unknown error:.\crypto\bio\bss_file.c:1
69:fopen(' C:\OpenSSL-Win32\bin\openssl.cfg','rb')
4848:error:2006D002:BIO routines:BIO_new_file:system lib:.\crypto\bio\bss_file.c
:174:
4848:error:0E078002:configuration file routines:DEF_LOAD:system lib:.\crypto\con
f\conf_def.c:199:
I am totally stuck at this point. I'm unable to create the CSR no matter what I do. Can anyone see what I'm doing wrong?
I'm pretty sure that the Amazon guide is incorrect. "set OpenSSL_CONFIG" doesn't seem to have any effect. But "set OpenSSL_CONF" definitely does have an effect. This makes me wonder what else is incorrect or missing in the Amazon guide…
EDIT:
Well… I just skipped the first three steps where you set openssl_home, openssl_config and the path, and everything worked fine. So… not sure what the point of those steps is, because they certainly didn't help.
Best Answer
I had a similar problem. What happened was that I did not set OPENSSL_CONF correctly, i.e.:
What I see in your post is that you have a single space character after the equals sign on the set command: OPENSSL_CONF= your-file-here.cnf.
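The fix this answer describes, as an added example that is not part of the original post or the Amazon guide: a cmd.exe batch script that sets OPENSSL_CONF with no stray space, checks the value before OpenSSL tries to open it, then generates the key and CSR. The install path is the one from the question; the output file names are hypothetical.

```batch
@echo off
setlocal

rem Install path taken from the question; adjust to your system.
rem Quoting the whole NAME=value pair keeps stray spaces out of the value.
set "OPENSSL_HOME=C:\OpenSSL-Win32"
set "OPENSSL_CONF=%OPENSSL_HOME%\bin\openssl.cfg"
set "PATH=%PATH%;%OPENSSL_HOME%\bin"

rem cmd.exe stores everything after "=" verbatim, so "set X= value"
rem yields " value". Catch that before OpenSSL calls fopen() on it.
if "%OPENSSL_CONF:~0,1%"==" " (
    echo OPENSSL_CONF starts with a space: [%OPENSSL_CONF%]
    exit /b 1
)
if not exist "%OPENSSL_CONF%" (
    echo Config file not found: [%OPENSSL_CONF%]
    exit /b 1
)

rem Hypothetical output names. The private key is written outside the
rem install directory, into the current user's profile.
set "KEY=%USERPROFILE%\elb-private-key.pem"
set "CSR=%USERPROFILE%\elb-request.csr"

rem -out writes the key directly instead of relying on shell redirection.
openssl genrsa -out "%KEY%" 2048 || exit /b 1

rem Drop inherited permissions and leave only the current user with access.
icacls "%KEY%" /inheritance:r /grant:r "%USERNAME%:F" >nul

rem Prompts for the certificate subject fields, then writes the CSR.
openssl req -new -key "%KEY%" -out "%CSR%" || exit /b 1
echo Wrote "%KEY%" and "%CSR%"
```

The working directory does not matter for the `set` lines. Only the CSR is sent to the certificate authority; the private key file stays on the machine until it is uploaded to the load balancer.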