OpenSSL tool shows error - 'Unable to load config info from <path> error in req'
OpenSSL> req -new -newkeyrsa:1024 -nodes -keyoutmykey.pem -out myreq.pem Unable to load config info from c: openssl/ssl/openssl.cnf error in req
This happens as it has been looking for openssl.cnf file to load the config.bin, openssl.cnf would be located in the folder you extract the .zip file to.
Thus we need to specify the path mentioned below using additional parameter -config :
OpenSSL> req -new -newkeyrsa:1024 -nodes -keyoutmykey.pem -out myreq.pem -config "C:\Users\test\downloads\bin\openssl.cnf" Loading 'screen' into random state - done Generating a 1024 bit RSA private key
writing new private key to 'mykey.pem'
Enter information in Certificate Signing Request (CSR)
Generate a CSR
Complete these stepsin order to generate a CSR:
Install and open the OpenSSLapplication. In Windows, by default, openssl.exe is located at C:\ > openssl > bin.
Note:OpenSSL 0.9.8 is required as the WLC does not currently support OpenSSL 1.0.
Note: WLCs support a maximum key size of 2048 bits.
After you issue the command, there is a prompt for some information: country name, state, city, and so forth.
Provide the required information.
It is important that you provide the correct Common Name. Ensure that the host name that is used to create the certificate (Common Name) matches the Domain Name System (DNS) host name entry for the virtual interface IP on the WLC and that the name exists in the DNS as well. Also, after you make the change to the VIP interface, you must reboot the system in order for this change to take effect.
Here is an example:
OpenSSL>req -new -newkey rsa:1024 -nodes -keyout mykey.pem -out myreq.pemLoading 'screen' into random state - done Generating a 1024 bit RSA private key
----- You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank.
----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:CA Locality Name (eg, city) :San Jose Organization Name (eg, company) [Internet Widgits Pty Ltd]:ABC Organizational Unit Name (eg, section) :CDE Common Name (eg, YOUR name) :XYZ.ABC Email Address :Test@abc.comPlease enter the following 'extra' attributes to be sent with your certificate request A challenge password :Test123 An optional company name : OpenSSL>
After you provide all the required details, two files are generated:
a new private key that includes the name mykey.pem
a CSR that includes the namemyreq.pem
Copy and paste the CSR information into any CA enrollment tool.
After you submit the CSR to the third-party CA, the third-party CA digitally signs the certificate and sends back the signed certificate chain through e-mail. In case of chained certificates, you receive the entire chain of certificates from the CA. If you only have one intermediate certificate in our example, you receive these three certificates from the CA:
Note: Make sure that the certificate is Apache compatible with SHA1 encryption
Once you have all the three certificates, copy and paste into another file the contents of each .pem file in this order:
Combine the All-certs.pem certificate with the private key that you generated along with the CSR (the private key of the device certificate, which is mykey.pem in this example), and save the file as final.pem.
Issue these commands in the OpenSSL application in order to create the All-certs.pem and final.pem files:
In this command, you must enter a password for the parameters -passin and -passout . The password that is configured for the -passout parameter must match the certpasswordparameter that is configured on the WLC. In this example, the password that is configured for both the-passin and -passout parameters is check123.
final.pemis the file that we need to download to the Wireless LAN Controller. The next step is to download this file to the WLC.
The following error has been cropping up on OpenSSL 0.9.8 installs when the user is attempting to create a Certificate Signing Request (CSR) for the WLC:
Привет, кто нибудь тестил Fast Transition на WLC, Over the DC или Over the AIR, что лучше использовать на площадке с контроллером? в режиме Flex connect понятно что Over the AIR с высокой задержкой до контроллера
Hello, I am trying to resolve a problem with a new network. I have a 240ac access point operating normally. But when I have tried to add a 142acm mesh extender using the app even after zero day setup in keeps cycling through led colors after spending...
Dear Sir/Ma'am,we have one cisco AIR-AP1832i-D-K9 access point., we changed this access point firmware as mobility express(AIR-AP1830-K9-8-10-151-0) but after that AP was continued are going to reboot. in this case, we need your help.why I am changin...
Hi all,I have a pair of 2504's running sucessfully for the past 3 years as a HA N+1 with 4 x 2602 AP's. Both 2504's have dual uplinks to a pair of 3560 switches (so they would be Active / Passive uplinks). One uplink on the primary controller ...