Amazon-web-services – Error specifying OpenSSL config file

amazon-web-servicesopensslssl-certificate

I'm trying to install an SSL certificate on an EC2 Load Balancer. Following this guide: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html

  • I have OpenSSL installed (in Windows)
  • running command-prompt as admin
  • I'm on the step "Before you use OpenSSL commands, you must configure the operating system so that it has information about the location of the OpenSSL install point."

set OpenSSL_HOME= C:\OpenSSL-Win32

set OpenSSL_CONFIG= C:\OpenSSL-Win32\bin\openssl.cfg

set Path=%Path%;%OpenSSL_HOME%\bin

  • Does it matter what directory I'm "in" when I run those commands?
  • The Amazon guide says to "set OpenSSL_CONFIG= …" but I've seen in multiple examples that it should be "set OpenSSL_CONF= …" so is it "CONFIG" or "CONF"?
  • After that it says to:

openssl genrsa 2048 > your-private-key-filename.pem

  • so, I CD to "C:\OpenSSL-Win32\bin" and then I run "openssl genrsa 2048 > new_key.pem"
  • At this point 1 of 2 things happens.
    • If I used "OpenSSL_CONFIG" like it says in the guide, then I get the warning: "WARNING: can't open config file: /usr/local/ssl/openssl.cnf" however the .pem file DOES get created anyways.
    • If I used "OpenSSL_CONF" then I get the following error:

4848:error:0200107B:system library:fopen:Unknown error:.\crypto\bio\bss_file.c:169:fopen('C:\OpenSSL-Win32\bin\openssl.cfg','rb')
4848:error:2006D002:BIO routines:BIO_new_file:system lib:.\crypto\bio\bss_file.c:174:
4848:error:0E078002:configuration file routines:DEF_LOAD:system lib:.\crypto\conf\conf_def.c:199:

  • Then I move on to the step to create a CSR, and I get a similar situation

    • If I used "OpenSSL_CONFIG" then I get this error:

      WARNING: can't open config file: /usr/local/ssl/openssl.cnf
      Unable to load config info from /usr/local/ssl/openssl.cnf

    • If I used "OpenSSL_CONF" then I get this error:

      4848:error:0200107B:system library:fopen:Unknown error:.\crypto\bio\bss_file.c:1
      69:fopen(' C:\OpenSSL-Win32\bin\openssl.cfg','rb')
      4848:error:2006D002:BIO routines:BIO_new_file:system lib:.\crypto\bio\bss_file.c
      :174:
      4848:error:0E078002:configuration file routines:DEF_LOAD:system lib:.\crypto\con
      f\conf_def.c:199:

I am totally stuck at this point. I'm unable to create the CSR no matter what I do. Can anyone see what I'm doing wrong?

I'm pretty sure that the Amazon guide is incorrect. "set OpenSSL_CONFIG" doesn't seem to have any effect. But "set OpenSSL_CONF" definitely does have an effect. This makes me wonder what else is incorrect or missing in the Amazon guide…

EDIT:
well… I just skipped the first three steps where you set openssl_home, openssl_config and the path, and everything worked fine. so… not sure what the point of those steps are, because they certainly didn't help.

Best Answer

I had a similar problem, what happened was that I did not set OPENSSL_CONF correctly, i.e.:

set OPENSSL_CONF="D:\openssl.cnf"      # did not work :(
set OPENSSL_CONF=D:\openssl.cnf        # worked! (without the quotes)

What I see in your post is that you have a single space character after the equals sign on the set command: OPENSSL_CONF= your-file-here.cnf.

Related Topic