14

I am following these guidelines to generate self-signed certificates with OpenSSL.

I am under Windows 10. My working directory is as follows:

```
PS E:\Certificats\predix\root\ca> ls


    Directory: E:\Certificats\predix\root\ca


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----         9/1/2016  11:57 AM                certs
d-----         9/1/2016  11:55 AM                crl
d-----         9/1/2016  12:00 PM                intermediate
d-----         9/1/2016  11:55 AM                newcerts
d-----         9/1/2016  11:56 AM                private
-a----         9/1/2016  11:55 AM              2 index.txt
-a----         9/1/2016  11:56 AM           4306 openssl.cnf
-a----         9/1/2016  11:55 AM             14 serial
```

After several steps in the guideline, when I type

```
openssl ca -config openssl.cnf -extensions v3_intermediate_ca -days 3650 -notext -md s
```

I get the following error

```
Using configuration from openssl.cnf
Enter pass phrase for ./private/ca.key.pem:
unable to load number from ./serial
error while loading serial number
12944:error:0D066096:asn1 encoding routines:a2i_ASN1_INTEGER:short line:.\crypto\asn1\f_int.c:212:
PS E:\Certificats\predix\root\ca> openssl ca -config openssl.cnf -extensions v3_intermediate_ca -days 3650 -notext -md sha256 -in intermediate/csr/intermediate.csr.pem  -out intermediate/certs/intermediate.cert.pem
Using configuration from openssl.cnf
```

telling me that it has some issue reading the serial file.

The content of serial is

```
1000
```

Does anyone have a fix for this? The file exists and its pathname in the conf file is correct...

SMarmorat
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) would be a better place to ask. Also see [Where do I post questions about Dev Ops?](http://meta.stackexchange.com/q/134306) – jww Sep 02 '16 at 04:34

3 Answers

18

Solved the issue myself: I created the serial file using

```
echo 00 > serial
```

which produced a Unicode file while openssl was expecting an ANSI file.

SMarmorat
2

For others that still received the error after applying the suggested answer of:

```
PS> echo 00 > serial
unable to load number from ./serial
error while loading serial number
29488:error:0D066096:asn1 encoding routines:a2i_ASN1_INTEGER:short line:crypto\asn1\f_int.c:140:
```

I was able to fix this by running the same command in Git Bash terminal. This placed the file in the appropriate format for openssl.

DarkFm
0

It was a surprise to me too but PowerShell by default writes UTF-16 files. More details here.

OpenSSL doesn't recognize UTF-16 as well as UTF-8 BOM.

So instead of echo 00 > serial you can use Out-File to write a plain ASCII file:

```
"00" | Out-File -encoding ascii -NoNewline "serial"
```

rustyx
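As an added example (not part of any answer above, and not OpenSSL's own tooling), these POSIX shell functions, runnable in Git Bash, detect the byte-order marks the answers describe and rewrite the serial file as plain ASCII while keeping its digits. The function names and the sample bytes are assumptions constructed for illustration; the 14-byte sample matches the size of `serial` in the question's directory listing.

```shell
#!/bin/sh
# Added example (not from the original answers): classify an OpenSSL CA
# "serial" file by its leading bytes and rewrite it as plain ASCII hex.

# Print the encoding of FILE: utf-16le, utf-16be, utf-8-bom, ascii-hex, invalid.
serial_encoding() {
    bom=$(od -An -tx1 -N3 "$1" | tr -d ' \n')
    case "$bom" in
        fffe*)   echo utf-16le ;;
        feff*)   echo utf-16be ;;
        efbbbf*) echo utf-8-bom ;;
        *)  # No BOM: accept only an even number of hex digits plus CR/LF.
            if LC_ALL=C tr -d '\r\n' < "$1" | LC_ALL=C grep -Eq '^([0-9A-Fa-f]{2})+$'
            then echo ascii-hex
            else echo invalid
            fi ;;
    esac
}

# Rewrite a BOM-prefixed serial file in place as ASCII hex plus a newline.
# Digits are preserved rather than reset, so issued serials are not reused.
repair_serial() {
    case "$(serial_encoding "$1")" in
        ascii-hex) return 0 ;;
        invalid)   echo "$1: not a recognisable serial file" >&2; return 1 ;;
    esac
    # Dropping every byte that is not an ASCII hex digit removes the BOM,
    # the UTF-16 NUL padding and the CR/LF in one pass.
    digits=$(LC_ALL=C tr -cd '0-9A-Fa-f' < "$1")
    printf '%s\n' "$digits" > "$1.tmp"
    if [ "$(serial_encoding "$1.tmp")" = ascii-hex ]; then mv "$1.tmp" "$1"
    else rm -f "$1.tmp"; return 1
    fi
}

# Constructed sample: "1000" + CRLF as UTF-16LE with BOM (14 bytes).
demo() {
    f=$(mktemp)
    printf '\377\3761\0000\0000\0000\000\r\000\n\000' > "$f"
    serial_encoding "$f"
    repair_serial "$f" && cat "$f"
    rm -f "$f"
}
demo
```

A file that `serial_encoding` reports as `invalid` is left untouched, since there is no safe way to guess which serial number it was meant to hold.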