Why I am getting the "error while loading CRL number" error when running OpenSSL "ca -gencrl" command?

If you are running the OpenSSL "ca -gencrl" command installed with the slproweb binary package for Windows, you may get the "error while loading CRL number" error as shown below:

C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe

OpenSSL> ca -gencrl -keyfile my_ca.key -cert my_ca.crt
Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg
Enter pass phrase for my_ca.key:fyicenter
./demoCA/crlnumber: No such file or directory
error while loading CRL number
2508:error:02001002:system library:fopen:No such file or directory:
   .\crypto\bio\bss_file.c:398:fopen('./demoCA/crlnumber','rb')
2508:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:
   400:error in ca

This error is caused by the "dir=./demoCA" and "crlnumber=$dir/crlnumber" options in the configuration file. These options requires you to have a file called "\demoCA\crlnumber" under the current directory to be used as a CRL number register. You have to set an initial value like "1000" in the file. After that OpenSSL will increment the value each time a new certificate is generated.

Fixing this error is easy. Just create the serial number file: ./demoCA/crlnumber, as shown below:

C:\Users\fyicenter>copy CON demoCA\crlnumber
1000
<Ctrl>-Z
        1 file(s) copied.

C:\Users\fyicenter>dir demoCA\crlnumber
    10:27 PM                 6 crlnumber

Note that the value 1000 is a hexadecimal format, which is 4096 in decimal format.

Also note that press <Ctrl>-Z is to end the input stream to finish the copy command.

⇒ OpenSSL "ca -gencrl" - Generate CRL

⇐ OpenSSL "ca" - Sign the CSR Again

⇑ OpenSSL "ca" Command

⇑⇑ OpenSSL Tutorials