OpenSSL "ca" - "error while loading CRL number"
Why I am getting the "error while loading CRL number" error when running OpenSSL "ca -gencrl" command?
If you are running the OpenSSL "ca -gencrl" command installed with the slproweb binary package for Windows, you may get the "error while loading CRL number" error as shown below:
C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe OpenSSL> ca -gencrl -keyfile my_ca.key -cert my_ca.crt Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg Enter pass phrase for my_ca.key:fyicenter ./demoCA/crlnumber: No such file or directory error while loading CRL number 2508:error:02001002:system library:fopen:No such file or directory: .\crypto\bio\bss_file.c:398:fopen('./demoCA/crlnumber','rb') 2508:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c: 400:error in ca
This error is caused by the "dir=./demoCA" and "crlnumber=$dir/crlnumber" options in the configuration file. These options requires you to have a file called "\demoCA\crlnumber" under the current directory to be used as a CRL number register. You have to set an initial value like "1000" in the file. After that OpenSSL will increment the value each time a new certificate is generated.
Fixing this error is easy. Just create the serial number file: ./demoCA/crlnumber, as shown below:
C:\Users\fyicenter>copy CON demoCA\crlnumber 1000 <Ctrl>-Z 1 file(s) copied. C:\Users\fyicenter>dir demoCA\crlnumber 10:27 PM 6 crlnumber
Note that the value 1000 is a hexadecimal format, which is 4096 in decimal format.
Also note that press <Ctrl>-Z is to end the input stream to finish the copy command.
2016-09-10, 5930👍, 0💬
How to download Portecle and install it for Windows or Linux? If you want to use Portecle to generat...
Certificate Summary: Subject: Cybertrust Japan Public CA G3 Issuer: Baltimore CyberTrust Root Expira...
How to export my private key and public key pair with it's certificates into a PKCS #12 keystore fil...
How to import a CA (Certificate Authority) reply into a keystore key pair entry with Portecle? To im...
Certificate summary - Owner: VeriSign Class 3 Public Primary Certification Authority - G5, "(c) 2006...