# OpenSSL error



## fullauto (Mar 27, 2013)

Was wondering if anyone could shed some light on this error message:


```
[ROOT@hermes]/root/CA-> openssl ca -config openssl.cnf -policy policy_anything -out hermes-cert.pem -infiles tmp.pem
Using configuration from openssl.cnf
Enter pass phrase for /root/CA/private/cakey.pem:<[color="Navy"]entered pass here[/color]
[color="Red"]default is an unsupported message digest type[/color]
57122:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:126:fopen('/root/CA/index.txt.attr','rb')
57122:error:2006D080:BIO routines:BIO_new_file:no such file:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:129:
57122:error:0E078072:configuration file routines:DEF_LOAD:no such file:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_def.c:197:
```

x(


----------



## cpm@ (Mar 27, 2013)

Try setting unique_subject to 'no' in /root/CA/index.txt.attr. See ca(1).


> *unique_subject*
> If the value yes is given, the valid certificate entries in the database must have unique subjects. If the value no is given, several valid certificate entries may have the exact same subject. The default value is yes, to be compatible with older (pre 0.9.8) versions of OpenSSL. However, to make CA certificate roll-over easier, it's recommended to use the value no, especially if combined with the -selfsign command line option.​



Read tutorial: 
http://lists.freebsd.org/pipermail/freebsd-questions/2012-July/243634.html.


----------

