OpenSSL "ca" Error "lookup failed for ca::default_ca"

Q

Why I am getting the "variable lookup failed for ca::default_ca" error when running OpenSSL "ca" command?

✍: FYIcenter.com

A

You are getting the "variable lookup failed for ca::default_ca" error, because OpenSSL "ca" command can not find the required "default_ca" option in the configuration file.

For example, if you have the follow configuration file, test.cnf, without "default_ca" option defined: 

C:\Users\fyicenter>type test.cnf
# Unnamed section of generic options
default_md    = md5

You will get an error, because "default_ca" is a required option: 

C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe

OpenSSL> ca -in test.csr -keyfile my_ca.key -cert my_ca.crt -config test.cnf
Using configuration from test.cnf
variable lookup failed for ca::default_ca
5956:error:0E06D06C:configuration file routines:NCONF_get_string:
   no value:.\crypto\conf\conf_lib.c:324:group=ca name=default_ca
error in ca

Fixing this error is easy. Just add the "default_ca" option in the unnamed section or in the [ca] section of the configuration file: 

C:\Users\fyicenter>type test.cnf
# Unnamed section of generic options

# section for the "default_ca" option
[ca]
default_ca    = my_ca_default

 

OpenSSL "ca" Command

⇒⇒OpenSSL Tutorials

2016-09-09, 8982👍, 0💬

Firefox General Google Chrome IE (Internet Explorer) Intermediate CA Java VM JDK Keytool Microsoft CertUtil Mozilla CertUtil OpenSSL Other Portecle Public Private Key Publishers Revoked Certificates Root CA Tools Tutorial What Is Windows