Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (70)
EC Keys (853)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (3080)
Revoked Certificates (16)
Root CA (85)
RSA Keys (2483)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL "ca" - "error while loading CRL number"
Why I am getting the "error while loading CRL number" error when running OpenSSL "ca -gencrl" command?
✍: FYIcenter.com
If you are running the OpenSSL "ca -gencrl" command installed
with the slproweb binary package for Windows,
you may get the "error while loading CRL number" error as shown below:
C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe OpenSSL> ca -gencrl -keyfile my_ca.key -cert my_ca.crt Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg Enter pass phrase for my_ca.key:fyicenter ./demoCA/crlnumber: No such file or directory error while loading CRL number 2508:error:02001002:system library:fopen:No such file or directory: .\crypto\bio\bss_file.c:398:fopen('./demoCA/crlnumber','rb') 2508:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c: 400:error in ca
This error is caused by the "dir=./demoCA" and "crlnumber=$dir/crlnumber" options in the configuration file. These options requires you to have a file called "\demoCA\crlnumber" under the current directory to be used as a CRL number register. You have to set an initial value like "1000" in the file. After that OpenSSL will increment the value each time a new certificate is generated.
Fixing this error is easy. Just create the serial number file: ./demoCA/crlnumber, as shown below:
C:\Users\fyicenter>copy CON demoCA\crlnumber 1000 <Ctrl>-Z 1 file(s) copied. C:\Users\fyicenter>dir demoCA\crlnumber 10:27 PM 6 crlnumber
Note that the value 1000 is a hexadecimal format, which is 4096 in decimal format.
Also note that press <Ctrl>-Z is to end the input stream to finish the copy command.
⇒ OpenSSL "ca -gencrl" - Generate CRL
2016-09-10, 5930👍, 0💬
Popular Posts:
How to download Portecle and install it for Windows or Linux? If you want to use Portecle to generat...
Certificate Summary: Subject: Cybertrust Japan Public CA G3 Issuer: Baltimore CyberTrust Root Expira...
How to export my private key and public key pair with it's certificates into a PKCS #12 keystore fil...
How to import a CA (Certificate Authority) reply into a keystore key pair entry with Portecle? To im...
Certificate summary - Owner: VeriSign Class 3 Public Primary Certification Authority - G5, "(c) 2006...