Can't open config file: /usr/local/ssl/openssl.cnf on Windows

Question

I have installed OpenSSL 64. I want to use a certificate for my nodejs https server. I ran the following command:

openssl genrsa -out subdomain.domain.com.key 1024

But I have got the error:

WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Loading 'screen' into random state - done
Generating RSA private key, 1024 bit long modulus
.........++++++
.........................................++++++
unable to write 'random state'
e is 65537 (0x10001)

How can I resolve it?
Is this the right command?

Create a text file and call it openssl.cnf. Sample content of the file: http://www.flatmtn.com/article/setting-openssl-create-certificates#SSLCert-4 — simhumileco, Apr 26 '17 at 09:44
Stackoverflow post: http://stackoverflow.com/a/43630802/4217744 — simhumileco, Apr 27 '17 at 08:13

score 297 · Accepted Answer · edited Oct 18 '17 at 21:18

297

The solution is running this command:

set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg

or

set OPENSSL_CONF=[path-to-OpenSSL-install-dir]\bin\openssl.cfg

in the command prompt before using openssl command.

Let openssl know for sure where to find its .cfg file.

Alternatively you could set the same variable OPENSSL_CONF in the Windows environment variables.

NOTE: This can happen when using the OpenSSL binary distribution from Shining Light Productions (a compiled + installer version of the official OpenSSL that is free to download & use). This distribution is "semi-officially" linked from OpenSSL's site as a "service primarily for operating systems where there are no pre-compiled OpenSSL packages".

edited Oct 18 '17 at 21:18

David

5,882
3
33
44

answered Oct 08 '13 at 13:41

DavAlPi

3,138
1
14
9

1

Make sure you create a user variable. In my case, creating a system var doesn't fix the issue. – birken25 Apr 04 '16 at 20:20
3

Does not work and I've checked the OPENSSL_CONF var in the console and it's set. – Paul-Sebastian Manole May 04 '17 at 22:06
3

If you are using a path with spaces, try wrapping it with quotes: `set "OPENSSL_CONF=C:\OpenSSL Win32\bin 123\openssl.cfg"` – NoOne Mar 11 '18 at 19:36
Also note that, as most cross-platform open-source crapyware do, having unicode characters in the path will create problems. – NoOne Mar 11 '18 at 19:39
For me it was required to use double slashes: `set OPENSSL_CONF=C:\\Projects\\Web\\apache\\conf\\openssl.cnf` – Andron Aug 12 '20 at 19:52
@birken25 If creating this as a system var, you will have to get a new cmd prompt. Existing cmd sessions do not update their environment with changes to system variables. – matty Jun 29 '22 at 19:56
@matty Good tip, maybe that was my issue – birken25 Jul 06 '22 at 20:56
2

I had to change `cfg` in the above command to `cnf` – Post Impatica Oct 04 '22 at 16:52

score 25 · Answer 2 · edited Feb 25 '17 at 08:28

25

I've SSL on Apache2.4.4 and executing this code at first, did the trick:
set OPENSSL_CONF=C:\wamp\bin\apache\Apache2.4.4\conf\openssl.cnf

then execute the rest codes..

edited Feb 25 '17 at 08:28

T.Todua

53,146
19
236
237

answered Aug 29 '14 at 03:48

komu_Mkeya

404
4
5

1

This worked for me on Windows 2008 R2 with Win64OpenSSL_Light-1_1_0c +1 – Cyclonecode Nov 23 '16 at 11:52

Zombo · Answer 3 · 2015-02-20T01:12:47.147

11

/usr/local/ssl/openssl.cnf

A path like this means the program has been compiled with either Cygwin or MSYS. If you must use this openssl then you will need an interpreter that understands those paths, like Bash, which is provided by Cygwin or MSYS.

Another option would be to download or compile a Windows Native version of openssl. Using that the program would instead require a path like

C:\Users\Steven\ssl\openssl.cnf

which would be better suited for the Command Prompt.

edited Feb 20 '15 at 01:12

answered May 20 '13 at 21:39

Zombo

1
62
391
407

No. I think it means it was compiled with OPENSSLDIR: "/usr/local/ssl". Mine was compiled with cl.exe `openssl version -f compiler: cl -D_USING_V110_SDK71_ [..]`. – Paul-Sebastian Manole May 04 '17 at 22:10

score 8 · Answer 4 · edited Jun 20 '20 at 09:12

8

SOLUTION!

just set -config parameter location correctly, i.e :

openssl ....................  -config C:\bin\apache\apache2.4.9\conf\openssl.cnf

edited Jun 20 '20 at 09:12

Community

1
1

answered Jan 23 '16 at 10:32

T.Todua

53,146
19
236
237

5

This works for "openssl req" but not for "openssl pkcs12". The environment variable worked for both. It is strange that the pkcs12 option does not include the -config switch. – GarDavis Feb 28 '16 at 22:32
Funny... `openssl req` ignores `-config` here (Apache/2.4.10 Win64) but setting `OPENSSL_CONF` works fine. – Álvaro González Feb 24 '17 at 14:47

score 7 · Answer 5 · answered Jul 10 '15 at 15:38

7

In my case I used the binaries from Shining Light and the environment variables were already updated. But still had the issue until I ran a command window with elevated privileges.

When you open the CMD window be sure to run it as Administrator. (Right click the Command Prompt in Start menu and choose "Run as administrator")

I think it can't read the files due to User Account Control.

answered Jul 10 '15 at 15:38

FlyBy

71
1
1

1

Running the commands as Administrator and doing `set OPENSSL_CONF=` fixed the problem for me. Thanks! – Caspian Canuck Jul 22 '19 at 19:42

score 3 · Answer 6 · edited May 15 '15 at 11:13

3

Not sure what is the difference between .cfg & .cnf In my server I couldn't find .cfg or .cnf I had created a new file for the same and placed it in the following folder /usr/local/ssl/bin

executed the

.\openssl genrsa -des3 -out <key name>.key 2048

went great..

edited May 15 '15 at 11:13

Arnab Nandy

6,472
5
44
50

answered May 15 '15 at 08:55

Dev

39
1
1

score 1 · Answer 7 · answered Jun 09 '15 at 18:39

1

Simply install Win64 OpenSSL v1.0.2a or Win32 OpenSSL v1.0.2a, you can download these from http://slproweb.com/products/Win32OpenSSL.html. Works out of the box, no configuration needed.

answered Jun 09 '15 at 18:39

autremoi

261
2
7

1

That's where I downloaded from, and was going to say that it has the problem described by the OP, but after following advice (from Xero accounting) to restart the computer after installing, I found that it worked with no issues. – Jon Jun 03 '16 at 16:38

Can't open config file: /usr/local/ssl/openssl.cnf on Windows

7 Answers7

SOLUTION!

Linked