Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (70)
EC Keys (976)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (3310)
Revoked Certificates (16)
Root CA (85)
RSA Keys (2655)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL "ca" Error "cannot lookup how many days ..."
Why I am getting the "cannot lookup how many days to certify for" error when running OpenSSL "ca" command?
✍: FYIcenter.com
You are getting the "cannot lookup how many days to certify for" error,
because OpenSSL "ca" command can not find the required "default_days" option
in the configuration file.
For example, if you have the follow configuration file, test.cnf, without "default_days" option defined:
# Unnamed section of generic options # section for the "default_ca" option [ca] default_ca = my_ca_default # default section for "ca" command options [my_ca_default] new_certs_dir = ./my_ca/certs database = ./my_ca/certs.db default_md = md5 policy = my_ca_policy serial = ./my_ca/certs.seq
You will get an error, because "default_days" is a required option:
C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe OpenSSL> ca -in test.csr -keyfile my_ca.key -cert my_ca.crt -config test.cnf Using configuration from test.cnf Enter pass phrase for my_ca.key: cannot lookup how many days to certify for 4420:error:0E06D06C:configuration file routines:NCONF_get_string:no value: .\crypto\conf\conf_lib.c:324:group=my_ca_default name=default_days error in ca
Fixing this error is easy. Just add the "default_days" option in the section pointed by the "default_ca" option in the configuration file:
# Unnamed section of generic options # section for the "default_ca" option [ca] default_ca = my_ca_default # default section for "ca" command options [my_ca_default] new_certs_dir = ./my_ca/certs database = ./my_ca/certs.db default_md = md5 policy = my_ca_policy serial = ./my_ca/certs.seq default_days = 365
"default_days = 365" tells OpenSSl "ca" command to generate certificate valid for 365 days only.
⇒ OpenSSL "policy" Options for "ca" Command
2016-09-08, 4109👍, 0💬
Popular Posts:
Why I am getting an error: "CryptoException: Could not save keystore"? when exporting my 4096-bit ke...
Certificate summary - Owner: thawte Primary Root CA, "(c) 2006 thawte, Inc. - For authorized use onl...
Certificate summary - Owner: imgur.com, Domain Control Validated - QuickSSL(R) Premium, See www.geot...
How to import a certificate from a certificate file into a new certificate store with Microsoft "cer...
What is Symantec.com CSR Checker? Symantec.com CSR Checker is an online tool that checks to sse if a...