WARNING: can't open config file: ./bin/openssl.cnf
Explaining your problem
This error occurs mainly on Windows computers when you are using OpenSSL package or the Windows installer!
The reason is that OpenSSL failed to locate the openssl.cnf file!
Step-by-Step instructions
I will recommend that you do the following (windows only):
Open your command prompt as Administrator (few OpenSSL commands opens in random state), thus when OpenSSL tries to write stuff on your disk it fails.
Now before you run any OpenSSL command type the following:
set OPENSSL_CONF=c:\[PATH TO YOUR OPENSSL DIRECTORY]\bin\openssl.cfg
- A sample path is:
C:\OpenSSL-Win32\bin\openssl.cfg
. For Windows (x64-bit) useC:\OpenSSL-Win64\bin\openssl.cfg
!
- A sample path is:
After you did this now you are good to go with your OpenSSL stuff. Try openssl version
and the error is gone.
Remember that everytime you open a command prompt you have to run the above command unless you set this as your environment variable.
Solve your problem
Your problem could be:
- You set the environment variable into the folder
OpenSSL_Win64
. It should be maybe inOpenSSL-Win64
! - You forgot maybe to run the command prompt as a Administrator!
- You set the environment variable to the file
openssl.cnf
but it must beopenssl.cfg
!
Helpful sites
Read also:
- WARNING: can’t open config file: /usr/local/ssl/openssl.cnf on Windows 7 (another detailed instructions for your problem)
- How To Add/Edit Environment Variables in Windows 7 (helpful if you want set the environment variables forever on your Windows!)
Manually creating an openssl.cnf file in the correct location can solve the problem.
Here is a file template (edit as needed):
## OpenSSL configuration file.## Establish working directory.dir = .[ ca ]default_ca = CA_default[ CA_default ]serial = $dir/serialdatabase = $dir/certindex.txtnew_certs_dir = $dir/certscertificate = $dir/cacert.pemprivate_key = $dir/private/cakey.pemdefault_days = 365default_md = md5preserve = noemail_in_dn = nonameopt = default_cacertopt = default_capolicy = policy_match[ policy_match ]countryName = matchstateOrProvinceName = matchorganizationName = matchorganizationalUnitName = optionalcommonName = suppliedemailAddress = optional[ req ]default_bits = 1024 # Size of keysdefault_keyfile = key.pem # name of generated keysdefault_md = md5 # message digest algorithmstring_mask = nombstr # permitted charactersdistinguished_name = req_distinguished_namereq_extensions = v3_req[ req_distinguished_name ]# Variable name Prompt string#------------------------- ----------------------------------0.organizationName = Organization Name (company)organizationalUnitName = Organizational Unit Name (department, division)emailAddress = Email AddressemailAddress_max = 40localityName = Locality Name (city, district)stateOrProvinceName = State or Province Name (full name)countryName = Country Name (2 letter code)countryName_min = 2countryName_max = 2commonName = Common Name (hostname, IP, or your name)commonName_max = 64# Default values for the above, for consistency and less typing.# Variable name Value#------------------------ ------------------------------0.organizationName_default = My CompanylocalityName_default = My TownstateOrProvinceName_default = State or ProvidencecountryName_default = US[ v3_ca ]basicConstraints = CA:TRUEsubjectKeyIdentifier = hashauthorityKeyIdentifier = keyid:always,issuer:always[ v3_req ]basicConstraints = CA:FALSEsubjectKeyIdentifier = hash
When install the application penSSL_Win64, will be located in C:\Program Files\OpenSSL-Win64 so , you need to set to this path with a console command and write:set OPENSSL_CONF=C:\Program Files\OpenSSL-Win64\bin\openssl.cfg