WARNING: can't open config file: ./bin/openssl.cnf

Solution 1

Explaining your problem

This error occurs mainly on Windows computers when you are using OpenSSL package or the Windows installer!

The reason is that OpenSSL failed to locate the openssl.cnf file!

Step-by-Step instructions

I will recommend that you do the following (windows only):

1. Open your command prompt as Administrator (few OpenSSL commands opens in random state), thus when OpenSSL tries to write stuff on your disk it fails.

   • Try this easy and fast method: Open the Run dialog box with , type cmd and hit

2. Now before you run any OpenSSL command type the following:

   set OPENSSL_CONF=c:\[PATH TO YOUR OPENSSL DIRECTORY]\bin\openssl.cfg

   • A sample path is: C:\OpenSSL-Win32\bin\openssl.cfg. For Windows (x64-bit) use C:\OpenSSL-Win64\bin\openssl.cfg!

After you did this now you are good to go with your OpenSSL stuff. Try openssl version and the error is gone.

Remember that everytime you open a command prompt you have to run the above command unless you set this as your environment variable.

Solve your problem

Your problem could be:

• You set the environment variable into the folder OpenSSL_Win64. It should be maybe in OpenSSL-Win64!
• You forgot maybe to run the command prompt as a Administrator!
• You set the environment variable to the file openssl.cnf but it must be openssl.cfg!

Helpful sites

Read also:

• WARNING: can’t open config file: /usr/local/ssl/openssl.cnf on Windows 7 (another detailed instructions for your problem)
• How To Add/Edit Environment Variables in Windows 7 (helpful if you want set the environment variables forever on your Windows!)

Solution 2

Manually creating an openssl.cnf file in the correct location can solve the problem.

Here is a file template (edit as needed):

#
# OpenSSL configuration file.
#

# Establish working directory.

dir                 = .

[ ca ]
default_ca              = CA_default

[ CA_default ]
serial                  = $dir/serial
database                = $dir/certindex.txt
new_certs_dir               = $dir/certs
certificate             = $dir/cacert.pem
private_key             = $dir/private/cakey.pem
default_days                = 365
default_md              = md5
preserve                = no
email_in_dn             = no
nameopt                 = default_ca
certopt                 = default_ca
policy                  = policy_match

[ policy_match ]
countryName             = match
stateOrProvinceName         = match
organizationName            = match
organizationalUnitName          = optional
commonName              = supplied
emailAddress                = optional

[ req ]
default_bits                = 1024          # Size of keys
default_keyfile             = key.pem       # name of generated keys
default_md              = md5               # message digest algorithm
string_mask             = nombstr       # permitted characters
distinguished_name          = req_distinguished_name
req_extensions              = v3_req

[ req_distinguished_name ]
# Variable name             Prompt string
#-------------------------    ----------------------------------
0.organizationName          = Organization Name (company)
organizationalUnitName          = Organizational Unit Name (department, division)
emailAddress                = Email Address
emailAddress_max            = 40
localityName                = Locality Name (city, district)
stateOrProvinceName         = State or Province Name (full name)
countryName             = Country Name (2 letter code)
countryName_min             = 2
countryName_max             = 2
commonName              = Common Name (hostname, IP, or your name)
commonName_max              = 64

# Default values for the above, for consistency and less typing.
# Variable name             Value
#------------------------     ------------------------------
0.organizationName_default      = My Company
localityName_default            = My Town
stateOrProvinceName_default     = State or Providence
countryName_default         = US

[ v3_ca ]
basicConstraints            = CA:TRUE
subjectKeyIdentifier            = hash
authorityKeyIdentifier          = keyid:always,issuer:always

[ v3_req ]
basicConstraints            = CA:FALSE
subjectKeyIdentifier            = hash

Author by

Somnath

Updated on February 07, 2020