OpenSSL tool shows error - 'Unable to load config info from <path> error in req'
OpenSSL> req -new -newkeyrsa:1024 -nodes -keyoutmykey.pem -out myreq.pem Unable to load config info from c: openssl/ssl/openssl.cnf error in req
This happens as it has been looking for openssl.cnf file to load the config.bin, openssl.cnf would be located in the folder you extract the .zip file to.
Thus we need to specify the path mentioned below using additional parameter -config :
OpenSSL> req -new -newkeyrsa:1024 -nodes -keyoutmykey.pem -out myreq.pem -config "C:\Users\test\downloads\bin\openssl.cnf" Loading 'screen' into random state - done Generating a 1024 bit RSA private key
writing new private key to 'mykey.pem'
Enter information in Certificate Signing Request (CSR)
Generate a CSR
Complete these stepsin order to generate a CSR:
Install and open the OpenSSLapplication. In Windows, by default, openssl.exe is located at C:\ > openssl > bin.
Note:OpenSSL 0.9.8 is required as the WLC does not currently support OpenSSL 1.0.
Note: WLCs support a maximum key size of 2048 bits.
After you issue the command, there is a prompt for some information: country name, state, city, and so forth.
Provide the required information.
It is important that you provide the correct Common Name. Ensure that the host name that is used to create the certificate (Common Name) matches the Domain Name System (DNS) host name entry for the virtual interface IP on the WLC and that the name exists in the DNS as well. Also, after you make the change to the VIP interface, you must reboot the system in order for this change to take effect.
Here is an example:
OpenSSL>req -new -newkey rsa:1024 -nodes -keyout mykey.pem -out myreq.pemLoading 'screen' into random state - done Generating a 1024 bit RSA private key
----- You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank.
----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:CA Locality Name (eg, city) :San Jose Organization Name (eg, company) [Internet Widgits Pty Ltd]:ABC Organizational Unit Name (eg, section) :CDE Common Name (eg, YOUR name) :XYZ.ABC Email Address :Test@abc.comPlease enter the following 'extra' attributes to be sent with your certificate request A challenge password :Test123 An optional company name : OpenSSL>
After you provide all the required details, two files are generated:
a new private key that includes the name mykey.pem
a CSR that includes the namemyreq.pem
Copy and paste the CSR information into any CA enrollment tool.
After you submit the CSR to the third-party CA, the third-party CA digitally signs the certificate and sends back the signed certificate chain through e-mail. In case of chained certificates, you receive the entire chain of certificates from the CA. If you only have one intermediate certificate in our example, you receive these three certificates from the CA:
Note: Make sure that the certificate is Apache compatible with SHA1 encryption
Once you have all the three certificates, copy and paste into another file the contents of each .pem file in this order:
Combine the All-certs.pem certificate with the private key that you generated along with the CSR (the private key of the device certificate, which is mykey.pem in this example), and save the file as final.pem.
Issue these commands in the OpenSSL application in order to create the All-certs.pem and final.pem files:
In this command, you must enter a password for the parameters -passin and -passout . The password that is configured for the -passout parameter must match the certpasswordparameter that is configured on the WLC. In this example, the password that is configured for both the-passin and -passout parameters is check123.
final.pemis the file that we need to download to the Wireless LAN Controller. The next step is to download this file to the WLC.
The following error has been cropping up on OpenSSL 0.9.8 installs when the user is attempting to create a Certificate Signing Request (CSR) for the WLC:
HI I have a pair of controllers connecting to a pair of mobility anchors.While one controller establishes connection to both controllers, the second has both controller and path down for both anchors.Checked the firewall and found incomplete arp entr...
Hello all.I currently have a single 5520 WLC running 18.104.22.168. It's being asked to run APs in the -B and -E regulatory domains however my reading tells me that mesh APs will face some challenges if the WLC is set to support multiple countries. We cu...
We are looking to deploy another 1562E-B-K9 to a light pole in the middle of a parking lot. We will have a multi-mode fiber running and street light providing power to the device, leaving the Ethernet port open. Is it possible then to use the vacant ...
I'm trying to upgrade MY ME 3802i to the latest Release 22.214.171.124. I get "tar: write error: No space left on device" on the 3802 but it completes the download for other 3702 APs.Any recommendations?Currently running 126.96.36.199, which is not a recomm...
Hello, I recently purchased three Aironet 1815i Access Points. I was able to get them configured out of the box and it appeared everything was up and running. I am using version 8-5-161-0 and using Mobility Express. I was adding additi...