1

I am trying to configuring HTTPS based on this tutorial:

Configuring HTTPS for your Elastic Beanstalk Environment

I am stuck at the following section:

To set the OpenSSL_HOME variable

  • Enter the path to the OpenSSL installation:

    c:\ set OpenSSL_HOME=path_to_your_OpenSSL_installation

My openSSL is installed in c:\OpenSSL, so would I write set OpenSSL_HOME=C:\ OpenSSL?

Do I enter such command in Command Prompt?

Finally this step:

To include OpenSSL in your path

  • Open a terminal or command interface and enter the appropriate command for your operating system:

    c:\ set Path=OpenSSL_HOME\bin;%Path%

My %Path% here would be what?

Remy Lebeau
  • 555,201
  • 31
  • 458
  • 770
code_legend
  • 3,547
  • 15
  • 51
  • 95
  • Possible duplicate of [Setting a system environment variable from a Windows batch file?](http://stackoverflow.com/questions/3803581/setting-a-system-environment-variable-from-a-windows-batch-file) and [Permanently Change Environment Variables in Windows](http://stackoverflow.com/q/11928078) – jww Jun 10 '15 at 06:24

1 Answers1

2

My openSSL is installed in c:\OpenSSL, so would I write set OpenSSL_HOME=C:\ OpenSSL?

Yes, but without the space after C:\:

set OpenSSL_HOME=C:\OpenSSL

Do I enter such command in Command Prompt?

You can. Do note, however, that with this approach, you would be modifying the OpenSSL_HOME environment variable for that particular command window only, and it would be accessible only to processes that are run from that same window. As soon as you close the window, your variable disappears.

If you need to make it persistent, especially through reboots, you have to configure the OS's global environment instead. On Windows, right-click on My Computer, go to Properties, Advanced system settings, Environment Variables, and add a new entry for your variable.

My %Path% here would be what?

That is an existing environment variable. You are modifying the existing Path, so by including %Path% to the end of your assignment, you preserve the existing Path so that existing paths can still be accessed.

Fir, note that the example in the documentation is wrong. It should be this instead:

c:\ set Path=%OpenSSL_HOME%\bin;%Path%

With that said, lets say for example that Path already contains a value of C:\Windows\;etc. After the assignment, the new Path will be C:\OpenSSL\bin;C:\Windows\;etc

Remy Lebeau
  • 555,201
  • 31
  • 458
  • 770
  • thank you for the clarification. Unfortunatetly, when I get to this step PROMPT>openssl genrsa 2048 > privatekey.pem, I receive the following message: "Access is denied" would you by chance know the cause of this and in how I could solve it? – code_legend Jun 10 '15 at 02:25
  • You are running `openssl` from `C:\OpenSSL\bin` but using a *relative* path for the output `.pem` file, so `openssl` will try to create the file in the same folder. The user account that you are running `openssl.exe` with likely does not have permissions to write to that folder. Microsoft security is very tight when it comes to where users are allowed to create files. Use the `cd` command to change to another folder that you have permission to write to and then run the `openssl` command again... – Remy Lebeau Jun 10 '15 at 02:47
  • ... `cd "c:\some\folder\with\permissions"` then call `openssl genrsa ...` again... – Remy Lebeau Jun 10 '15 at 02:50
  • thanks for instance which folder would allow me to write could it be c:\documents? how do i know which folder have permission to call? – code_legend Jun 10 '15 at 02:50
  • ... . Or, just specify an *absolute* path for the output file in a folder you have permissions for: `openssl genrsa 2048 > "C:\some\folder\with\permissions\privatekey.pem"` – Remy Lebeau Jun 10 '15 at 02:51
  • Yes, you can write to the documents folder of the user account that is running `openssl`. – Remy Lebeau Jun 10 '15 at 02:51
  • Windows security and persmissions is WAY outside the scope of this discussion. – Remy Lebeau Jun 10 '15 at 02:52
  • Thank you have answered my question. it allowed me to get to the next stage in the documentation To create a private key but after I enter PROMPT>openssl req -new -key privatekey.pem -out csr.pem as suggesteed i only get req -new -key privatekey.pem -out csr.pem back and when i press enter it just returns that line i was especting something like this You are about to be asked to enter information that will be incorporated into your certificate request. What you are ...DN...http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https.html – code_legend Jun 10 '15 at 03:12