# OpenSSL



## xolod-ru (Aug 27, 2009)

Hi All! 
Help please understand, when you create a certificate error ...


```
root# mkdir /etc/ssl/sslcert
root# cd /etc/ssl/sslcert
root# openssl req -new -newkey rsa:4096 -nodes -keyout /etc/ssl/sslcert/ca.key -x509 -days 365 \
   -subj /C=RU/ST=Russia/L=Moscow/O=Internet/OU=Internet/CN=localhost/emailAddress=gmail.com@gmail.com -out /etc/ssl/sslcert/ca.crt

Unable to load config info
Generating a 4096 bit RSA private key
.........................................++
.....................++
writing new private key to '/etc/ssl/sslcert/ca.key'
-----
unable to find 'distinguished_name' in config
problems making Certificate Request
1888:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_lib.c:325:

root# openssl version
OpenSSL 0.9.7e-p1 25 Oct 2004

root# uname -a
FreeBSD 6.4-RELEASE

root# portsnap update
Ports tree is already up to date.

root# cd /usr/ports/security/openssl
root# make install clean

===>  openssl-0.9.8k_3 is marked as broken: No patchset for 0.9.8.
*** Error code 1

Stop in /usr/ports/security/openssl.
```


----------



## SirDice (Aug 27, 2009)

> The following messages are frequently asked about:
> 
> Using configuration from /some/path/openssl.cnf
> Unable to load config info
> ...


http://www.openssl.org/docs/apps/req.html#DIAGNOSTICS


----------



## xolod-ru (Aug 27, 2009)

What other proposals?


----------



## DutchDaemon (Aug 27, 2009)

Not BSD-specific, but it may provide some insight.
http://www.akadia.com/services/ssh_test_certificate.html

You can also put /usr/src/crypto/openssl/apps/openssl.cnf in /etc/ssl/.


----------



## xolod-ru (Aug 27, 2009)

Thank DutchDaemon, works!


----------

