OpenSSL "ca" Error "cannot lookup how many days ..."
Why I am getting the "cannot lookup how many days to certify for" error when running OpenSSL "ca" command?
✍: FYIcenter.com
You are getting the "cannot lookup how many days to certify for" error,
because OpenSSL "ca" command can not find the required "default_days" option
in the configuration file.
For example, if you have the follow configuration file, test.cnf, without "default_days" option defined:
# Unnamed section of generic options # section for the "default_ca" option [ca] default_ca = my_ca_default # default section for "ca" command options [my_ca_default] new_certs_dir = ./my_ca/certs database = ./my_ca/certs.db default_md = md5 policy = my_ca_policy serial = ./my_ca/certs.seq
You will get an error, because "default_days" is a required option:
C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe OpenSSL> ca -in test.csr -keyfile my_ca.key -cert my_ca.crt -config test.cnf Using configuration from test.cnf Enter pass phrase for my_ca.key: cannot lookup how many days to certify for 4420:error:0E06D06C:configuration file routines:NCONF_get_string:no value: .\crypto\conf\conf_lib.c:324:group=my_ca_default name=default_days error in ca
Fixing this error is easy. Just add the "default_days" option in the section pointed by the "default_ca" option in the configuration file:
# Unnamed section of generic options # section for the "default_ca" option [ca] default_ca = my_ca_default # default section for "ca" command options [my_ca_default] new_certs_dir = ./my_ca/certs database = ./my_ca/certs.db default_md = md5 policy = my_ca_policy serial = ./my_ca/certs.seq default_days = 365
"default_days = 365" tells OpenSSl "ca" command to generate certificate valid for 365 days only.
⇒ OpenSSL "policy" Options for "ca" Command
2016-09-08, 1653👍, 0💬
Related Topics: