OpenSSL "ca" Error "... directory for new certificate ..."

Q

Why I am getting the "there needs to be defined a directory for new certificate to be placed in" error when running OpenSSL "ca" command?

✍: FYIcenter.com

A

You are getting the "there needs to be defined a directory for new certificate to be placed in" error, because OpenSSL "ca" command can not find the required "new_certs_dir" option in the configuration file.

For example, if you have the follow configuration file, test.cnf, without "new_certs_dir" option defined:

C:\Users\fyicenter>type test.cnf
# Unnamed section of generic options

# section for the "default_ca" option
[ca]
default_ca    = my_ca_default

You will get an error, because "new_certs_dir" is a required option:

C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe

OpenSSL> ca -in test.csr -keyfile my_ca.key -cert my_ca.crt -config test.cnf
Using configuration from test.cnf
Enter pass phrase for my_ca.key:fyicenter
there needs to be defined a directory for new certificate to be placed in
5956:error:0E06D06C:configuration file routines:NCONF_get_string:
   no value:.\crypto\conf\conf_lib.c:324:group=my_ca_default name=new_certs_dir
error in ca

Fixing this error is easy. Just add the "new_certs_dir" option in the section pointed by the "default_ca" option in the configuration file:

C:\Users\fyicenter>type test.cnf
# Unnamed section of generic options

# section for the "default_ca" option
[ca]
default_ca    = my_ca_default

# default section for "ca" command options
[my_ca_default]
new_certs_dir = ./my_ca/certs

Remember to create directory .\my_ca\certs, if it does not exist. A copy of each new certificate will be stored in this directory.

 

OpenSSL "ca" Error "lookup failed for ca::database"

OpenSSL "ca" Error "lookup failed for ca::default_ca"

OpenSSL "ca" Command

⇑⇑ OpenSSL Tutorials

2016-09-09, 3906👍, 0💬