Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (71)
EC Keys (2095)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (6025)
Revoked Certificates (16)
Root CA (85)
RSA Keys (4920)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL "ca" Error "lookup failed for ca::serial"
Why I am getting the "variable lookup failed for ca::serial" error when running OpenSSL "ca" command?
✍: FYIcenter.com
You are getting the "variable lookup failed for ca::serial" error,
because OpenSSL "ca" command can not find the required "serial" option
in the configuration file.
For example, if you have the follow configuration file, test.cnf, without "serial" option defined:
# Unnamed section of generic options # section for the "default_ca" option [ca] default_ca = my_ca_default # default section for "ca" command options [my_ca_default] new_certs_dir = ./my_ca/certs database = ./my_ca/certs.db default_md = md5 policy = my_ca_policy
You will get an error, because "serial" is a required option:
C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe OpenSSL> ca -in test.csr -keyfile my_ca.key -cert my_ca.crt -config test.cnf Using configuration from test.cnf Enter pass phrase for my_ca.key:fyicenter variable lookup failed for my_ca_default::serial 5816:error:02001002:system library:fopen:No such file or directory: .\crypto\bio\bss_file.c:175:fopen('./my_ca/certs.db.attr','rb') 5816:error:2006D080:BIO routines:BIO_new_file:no such file:.\crypto\bio\bss_file.c:178: 5816:error:0E078072:configuration file routines:DEF_LOAD:no such file: .\crypto\conf\conf_def.c:195: 5816:error:0E06D06C:configuration file routines:NCONF_get_string:no value: .\crypto\conf\conf_lib.c:324:group=my_ca_default name=email_in_dn 5816:error:0E06D06C:configuration file routines:NCONF_get_string:no value: .\crypto\conf\conf_lib.c:324:group=my_ca_default name=serial error in ca
Fixing this error is easy. Just add the "serial" option in the section pointed by the "default_ca" option in the configuration file:
# Unnamed section of generic options # section for the "default_ca" option [ca] default_ca = my_ca_default # default section for "ca" command options [my_ca_default] new_certs_dir = ./my_ca/certs database = ./my_ca/certs.db default_md = md5 policy = my_ca_policy serial = ./my_ca/certs.seq
Remember to create .\my_ca\certs.seq file with "10", if it does not exist. The serial number file holds the serial number for the next new certificate.
⇒ OpenSSL "ca" Error "cannot lookup how many days ..."
2016-09-08, 8507👍, 0💬
Popular Posts:
How to use the "keytool -genkeypair" command? I want to generate a pair of public key and private ke...
How to generate a new EC key pair with a longer key size using OpenSSL "genpkey" command? If you nee...
Certificate summary - Owner: PositiveSSL CA, Comodo CA Limited, L=Salford, ST=Greater Manchester, GB...
Are you having Internet security certificate problems with a Web browser or an application? Welcome ...
Certificate Summary: Subject: TC TrustCenter Class 2 CA II Issuer: TC TrustCenter Class 2 CA II Expi...