OpenSSL "ca" - "error while loading serial number"

Q

Why I am getting the "error while loading serial number" error when running OpenSSL "ca" command?

✍: FYIcenter.com

A

If you are running the OpenSSL "ca" command installed with the slproweb binary package for Windows, you may get the "error while loading serial number" error as shown below:

C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe

OpenSSL> ca -in test.csr -keyfile my_ca.key -cert my_ca.crt
Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg
Enter pass phrase for my_ca.key:
./demoCA/serial: No error
error while loading serial number
5016:error:02001002:system library:fopen:No such file or directory:
   .\crypto\bio\bss_file.c:398:fopen('./demoCA/serial','rb')
5016:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:400:
error in ca

This error is caused by the "dir=./demoCA" and "serial=$dir/serial" options in the configuration file. These options requires you to have a file called "\demoCA\serial" under the current directory to be used as a serial number register. You have to set an initial value like "1000" in the file. After that OpenSSL will increment the value each time a new certificate is generated.

Fixing this error is easy. Just create the serial number file: ./demoCA/serial, as shown below:

C:\Users\fyicenter>copy CON demoCA\serial
1000
<Ctrl>-Z
        1 file(s) copied.

C:\Users\fyicenter>dir demoCA\serial
    10:27 PM                 6 index.txt

Note that the value 1000 is a hexadecimal format, which is 4096 in decimal format.

Also note that press <Ctrl>-Z is to end the input stream to finish the copy command.

 

OpenSSL "ca" Command

⇒⇒OpenSSL Tutorials

2016-09-13, 5837👍, 0💬