I know this is a returning issue, but (as far as I found) all suggested solutions did not solve my issue - so I hope I get some additional info from "those who know..."
Setup: I run Apache 2.4 with PHP 7.0.7 and OpenSSL 1.0.2h (all three the 64bit versions) on a Windows Server 2012 environment.
When I try to invoke PHP openssl_pkey_new function, I get those "system library:fopen:No such process" errors. Most of the recommondations point into the direction: "make sure openssl finds its config file". However in my case, I feel this is actually the case (see messages below):
when calling the function with an config array WITHOUT the "config" option, I get TWO sets of "no such process" error messages and a "bool (false)" result.
when calling the function WITH the respective "config" option, I get only ONE set of "no such process" error messages and an "Openssl KEY" ressource as result.
Therefore I belief that the config file actually is found, but something is wrong within the config file.
However I could not find sufficient help on how to pin-down the error within the configuration file - and that is where I need any kind of guidance...
Errors before calling openssl_pkey_new
If no errors above this line are shown, then there are NONE! Config-Array for openssl_pkey_new function Array ( [digest_alg] => sha512 [private_key_bits] => 4096 [private_key_type] => 0 )
Calling openssl_pkey_new - with config-array but without CONFIG !
bool(false)
Errors after calling openssl_pkey_new
string(51) "error:02001003:system library:fopen:No such process"
string(53) "error:2006D080:BIO routines:BIO_new_file:no such file"
string(63) "error:0E064002:configuration file routines:CONF_load:system lib"
string(51) "error:02001003:system library:fopen:No such process"
string(53) "error:2006D080:BIO routines:BIO_new_file:no such file"
string(63) "error:0E064002:configuration file routines:CONF_load:system lib"
Calling openssl_pkey_new - with config-array including CONFIG !
Array
(
[digest_alg] => sha512
[private_key_bits] => 4096
[private_key_type] => 0
[config] => C:\Webserver\OpenSSL\openssl.cfg
)
resource(4) of type (OpenSSL key)
Errors after calling openssl_pkey_new
string(51) "error:02001003:system library:fopen:No such process"
string(53) "error:2006D080:BIO routines:BIO_new_file:no such file"
string(63) "error:0E064002:configuration file routines:CONF_load:system lib"
string(68) "error:0E06D06C:configuration file routines:NCONF_get_string:no value"
string(68) "error:0E06D06C:configuration file routines:NCONF_get_string:no value"
string(68) "error:0E06D06C:configuration file routines:NCONF_get_string:no value"
string(68) "error:0E06D06C:configuration file routines:NCONF_get_string:no value"
string(68) "error:0E06D06C:configuration file routines:NCONF_get_string:no value"
string(68) "error:0E06D06C:configuration file routines:NCONF_get_string:no value"
The config file follows...
Config file "C:\Webserver\OpenSSL\openssl.cfg"
#
# OpenSSL configuration file used ...
# This is mostly being used for generation of certificate requests.
#
openssl_dir = C:\\Webserver\\\OpenSSL # Where Openssl runs
RANDFILE = $openssl_dir\\.rnd
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $openssl_dir\\PEM # Where everything is kept
certs = $dir\\ssl.cert # Where the issued certs are kept
###crl_dir = $dir\\ssl.crl # Where the issued crl are kept
database = $dir\\index.txt # database index file.
new_certs_dir = $dir\\ssl.cert-new # default place for new certs.
certificate = C:\\Webserver\\Apache2\\conf\\ssl.cert\\myown.cert.pem # The CA certificate
serial = $dir\\serial # The current serial number
###crl = crl_dir\\crl.pem # The current CRL
private_key = D:\\ssl.key\\myown.private-key.pem # The private key
###RANDFILE = $dir\\private.rnd # private random number file
x509_extensions = x509v3_extensions # The extentions to add to the cert
default_days = 365 # how long to certify for
default_crl_days = 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the ’anything’ policy
# At this point in time, you must list all acceptable ’object’
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 4096
encrypt_key = no
default_md = sha256 # which md to use.
distinguished_name = req_distinguished_name
attributes = req_attributes
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
countryName_default = AT
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Wien
localityName = Locality Name (eg, city)
localityName_default = Wien
organizationName = Organization Name (eg, company)
organizationName_default = MyOwn
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Webservices
commonName = Common Name (eg, your website domain name)
commonName_max = 64
commonName_default = www.yourdomain.com
emailAddress = Email Address
emailAddress_max = 40
emailAddress_default = webmaster@mycompany.com
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
[ x509v3_extensions ]
