September 27, 2020

OpenSSL - WARNING: can't open config file: C:/OpenSSL/openssl.cnf

After installing OpenSSL, we have to set the path to its config file. Otherwise it will print a warning message for every command we run. For example, suppose you run this command to generate a private key:

openssl genrsa -out mycertificate.key 4096

It will give you the following warning message:

WARNING: can't open config file: C:/OpenSSL/openssl.cnf
Generating RSA private key, 4096 bit long modulus
unable to write 'random state'
e is 65537 (0x10001)

To fix this issue, we have to tell openssl where to find its .cnf file.

We can do this in one of the following ways.

  • Before creating private keys or CSRs from the openssl command prompt, run this command to set its config file path.
    set OPENSSL_CONF=C:\OpenSSL\bin\openssl.cnf
    You can find this cnf file inside the bin folder, at the root of the path where you have installed OpenSSL.
  • Set the same variable OPENSSL_CONF in the Windows environment variables, with the path to the config file on your system.
  • You can use the -config parameter to pass the config file path with each command you run from openssl, e.g.
    openssl ....................  -config C:\OpenSSL\bin\openssl.cnf
  • If you are using PowerShell, you can set the environment variable like this:
    $env:OPENSSL_CONF = "C:\OpenSSL\bin\openssl.cnf"
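
The options above combined into one PowerShell script, as an added example that is not part of the original post. Because openssl.cnf can tell OpenSSL which engine modules to load, the script also checks that the file is not writable by broad groups before pointing OPENSSL_CONF at it. It assumes the path and key file name used on this page and that openssl is on the PATH; Get-BroadWriteAce is a hypothetical helper name.

```powershell
# Added example. Path and key file name are the ones used on this page.
param([string]$ConfPath = 'C:\OpenSSL\bin\openssl.cnf')

# Hypothetical helper: returns ACL entries that let broad groups write to the file.
function Get-BroadWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    # Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
    $writeBit  = [int][System.Security.AccessControl.FileSystemRights]::WriteData
    $sidType   = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $broadSids -contains $_.IdentityReference.Value -and
            (([int]$_.FileSystemRights) -band $writeBit) -ne 0
        }
}

if (-not (Test-Path -LiteralPath $ConfPath -PathType Leaf)) {
    throw "openssl.cnf not found at $ConfPath"
}

$risky = @(Get-BroadWriteAce -Path $ConfPath)
if ($risky.Count -gt 0) {
    $who = ($risky | ForEach-Object { $_.IdentityReference.Value }) -join ', '
    Write-Warning "$ConfPath is writable by: $who. Tighten the ACL before relying on it."
}

# Current session only (same effect as the PowerShell option above)
$env:OPENSSL_CONF = $ConfPath
# Persist for the current user so new shells inherit it
[Environment]::SetEnvironmentVariable('OPENSSL_CONF', $ConfPath, 'User')

# Generate the key and confirm the warning is gone
$output = & openssl genrsa -out mycertificate.key 4096 2>&1 | Out-String
if ($output -match "can't open config file") {
    Write-Warning 'OpenSSL still cannot open its config file.'
} elseif ($LASTEXITCODE -ne 0) {
    Write-Warning "openssl exited with code $LASTEXITCODE"
} else {
    Write-Output "Key written to mycertificate.key using $env:OPENSSL_CONF"
}
```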


  1. This comment has been removed by a blog administrator.

  2. Great instructions, was able to generate my cert.
    Trick was to manually mention the cnf file location
