I am following these guidelines to generate self-signed certificates with OpenSSL.
I am under Windows 10. My working directory is as follows:
PS E:\Certificats\predix\root\ca> ls
    Directory: E:\Certificats\predix\root\ca
Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----         9/1/2016  11:57 AM                certs
d-----         9/1/2016  11:55 AM                crl
d-----         9/1/2016  12:00 PM                intermediate
d-----         9/1/2016  11:55 AM                newcerts
d-----         9/1/2016  11:56 AM                private
-a----         9/1/2016  11:55 AM              2 index.txt
-a----         9/1/2016  11:56 AM           4306 openssl.cnf
-a----         9/1/2016  11:55 AM             14 serial
After several steps in the guideline, when I type
openssl ca -config openssl.cnf -extensions v3_intermediate_ca -days 3650 -notext -md s
I get the following error
Using configuration from openssl.cnf
Enter pass phrase for ./private/ca.key.pem:
unable to load number from ./serial
error while loading serial number
12944:error:0D066096:asn1 encoding routines:a2i_ASN1_INTEGER:short line:.\crypto\asn1\f_int.c:212:
PS E:\Certificats\predix\root\ca> openssl ca -config openssl.cnf -extensions v3_intermediate_ca -days 3650 -notext -md sha256 -in intermediate/csr/intermediate.csr.pem  -out intermediate/certs/intermediate.cert.pem
Using configuration from openssl.cnf
telling me that it has some issue reading the serial file.
The content of serial is
1000
Does anyone have a fix for this? The file exists and its pathname in the conf file is the correct...
When using SSL for non-production applications or other experiments, you can use a self-signed SSL certificate. Though the certificate implements full encryption, visitors to your site will see a browser warning indicating that the certificate should not be trusted.
To create a self-signed SSL certificate on a Windows system using OpenSSL, follow the steps below. First install OpenSSL. 1. To create the self-signed SSL certificate, you first have to install the OpenSSL application on your Windows system. You can download the application from here. Install the software in the “C:\Program Files\OpenSSL-Win64” location.
The following steps tell you how to create two self-signed certificates.
Step 1 - Create a key for the first certificate:
openssl genpkey -out device1.key -algorithm RSA -pkeyopt rsa_keygen_bits:2048
Step 2 - Create a CSR for the first certificate. Make sure that you specify the device ID when prompted.
If you know those two OpenSSL commands, you can create as many certificates as you like. The export to pfx step is a tricky one, but as soon as you know that command as well, it is much simpler than the mmc alternative.
Provide the Device ID that matches the subject name of your two certificates. Select the X.509 Self-Signed authentication type. Paste the hex string thumbprints that you copied from your device primary and secondary certificates.
Solved the issue myself: I created the serial file using
echo 00 > serial
which produced a Unicode file while openssl was expecting an ANSI file.
For others that still received the error after applying the suggested answer of:
PS> echo 00 > serial
unable to load number from ./serial
error while loading serial number
29488:error:0D066096:asn1 encoding routines:a2i_ASN1_INTEGER:short line:crypto\asn1\f_int.c:140:
I was able to fix this by running the same command in a Git Bash terminal. This placed the file in the appropriate format for openssl.
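Both answers above come down to the encoding of the serial file: Windows PowerShell's `>` redirection writes UTF-16 with a byte-order mark, which openssl cannot parse as a hex number. The following is an added example, not code from the original posts, that inspects the file's leading bytes and, with `-Fix`, rewrites it as BOM-free ASCII; the function name `Repair-OpenSslSerial` is hypothetical.

```powershell
# Added example, not from the original posts; Repair-OpenSslSerial is a hypothetical name.
function Repair-OpenSslSerial {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $Fix   # without -Fix the file is only inspected
    )
    $full = (Resolve-Path -LiteralPath $Path).Path
    [byte[]] $bytes = [System.IO.File]::ReadAllBytes($full)

    # Identify the encoding from the byte-order mark (BOM), if there is one.
    $name = 'ASCII (no BOM)'; $enc = [System.Text.Encoding]::ASCII
    if ($bytes.Length -ge 2 -and $bytes[0] -eq 0xFF -and $bytes[1] -eq 0xFE) {
        $name = 'UTF-16 LE'; $enc = [System.Text.Encoding]::Unicode
    } elseif ($bytes.Length -ge 2 -and $bytes[0] -eq 0xFE -and $bytes[1] -eq 0xFF) {
        $name = 'UTF-16 BE'; $enc = [System.Text.Encoding]::BigEndianUnicode
    } elseif ($bytes.Length -ge 3 -and $bytes[0] -eq 0xEF -and
              $bytes[1] -eq 0xBB -and $bytes[2] -eq 0xBF) {
        $name = 'UTF-8 with BOM'; $enc = [System.Text.Encoding]::UTF8
    } elseif ($bytes -contains 0) {
        throw "$full contains NUL bytes but no BOM; recreate it by hand."
    }

    # Decode, then drop the BOM character and surrounding whitespace/newlines.
    $serial = $enc.GetString($bytes).TrimStart([char]0xFEFF).Trim()

    # openssl ca reads the serial as hex text: hex digits only, an even number of them.
    if ($serial -notmatch '^([0-9A-Fa-f]{2})+$') {
        throw "Serial '$serial' is not an even-length hex string."
    }

    $clean = ($name -eq 'ASCII (no BOM)')
    if ($Fix -and -not $clean) {
        # ASCIIEncoding writes no BOM; a single LF ends the line.
        [System.IO.File]::WriteAllText($full, "$serial`n", [System.Text.Encoding]::ASCII)
    }
    [pscustomobject]@{
        Path      = $full
        Encoding  = $name
        Serial    = $serial
        Rewritten = [bool]($Fix -and -not $clean)
    }
}

# Usage, from the CA directory shown in the question:
# Repair-OpenSslSerial -Path .\serial -Fix
```

Run it once without `-Fix` to see which encoding the existing file has before anything is rewritten.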