OpenSSL "ca" - "error while loading CRL number"
Why I am getting the "error while loading CRL number" error when running OpenSSL "ca -gencrl" command?
If you are running the OpenSSL "ca -gencrl" command installed with the slproweb binary package for Windows, you may get the "error while loading CRL number" error as shown below:
C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe OpenSSL> ca -gencrl -keyfile my_ca.key -cert my_ca.crt Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg Enter pass phrase for my_ca.key:fyicenter ./demoCA/crlnumber: No such file or directory error while loading CRL number 2508:error:02001002:system library:fopen:No such file or directory: .\crypto\bio\bss_file.c:398:fopen('./demoCA/crlnumber','rb') 2508:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c: 400:error in ca
This error is caused by the "dir=./demoCA" and "crlnumber=$dir/crlnumber" options in the configuration file. These options requires you to have a file called "\demoCA\crlnumber" under the current directory to be used as a CRL number register. You have to set an initial value like "1000" in the file. After that OpenSSL will increment the value each time a new certificate is generated.
Fixing this error is easy. Just create the serial number file: ./demoCA/crlnumber, as shown below:
C:\Users\fyicenter>copy CON demoCA\crlnumber 1000 <Ctrl>-Z 1 file(s) copied. C:\Users\fyicenter>dir demoCA\crlnumber 10:27 PM 6 crlnumber
Note that the value 1000 is a hexadecimal format, which is 4096 in decimal format.
Also note that press <Ctrl>-Z is to end the input stream to finish the copy command.
2016-09-10, 3439👍, 0💬
Certificate Summary: Subject: SwissSign Silver CA - G2 Issuer: SwissSign Silver CA - G2 Expiration: ...
Certificate summary - Owner: Google Internet Authority, Google Inc, US Issuer: Equifax Secure Certif...
How to create my private key and store it in a file using "makecert.exe"? If you want to create a pr...
How can I get a X.509 certificate file to play with OpenSSL commands "x509" command? If you have no ...
How to get a list of all certificates with more details in "Personal" certificate store using "certm...