neurobin / gencsr

Simple CSR generator
https://neurobin.org/projects/softwares/unix/gencsr/

no value #1

Closed online-stuff closed 7 years ago

online-stuff commented 7 years ago

Not good with text boxes, so hopefully this is readable..

Trying to use your script. Very clean, very simple, I like it..

However it is not working, getting `139739889416008:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:335:group=req name=distinguished_name`

gencsr.conf

[root@mimic gencsr-release]# cat gencsr.conf
############# gencsr config file #####################
# Do not use quotation marks (', "")
# To prevent any entry being included, comment them
# by adding a # at the beginning
######################################################
CountryCode=US                              # Put two character country code
State=US                              # Put state name
Locality=US                           # Put city name
Oraganization=VoIP               # Put organization name
OraganizationUnit=Cisco Provisioning    # Put organization unit name
Email=mymail@somedomain.com                 # Put email address
[root@mimic gencsr-release]#
[root@mimic gencsr-release]# 
[root@mimic gencsr-release]# ls
dom.key  dom.list  gencsr  gencsr.conf  key_file  LICENSE  README.md
[root@mimic gencsr-release]# ./gencsr
Creating new key file: dom.key
Generating RSA private key, 4096 bit long modulus
.............................................................................................................................................................++
...........++
e is 65537 (0x10001)
Successfully created key file: dom.key
cat: /etc/ssl/openssl.cnf: No such file or directory
unable to find 'distinguished_name' in config
problems making Certificate Request
139739889416008:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:335:group=req name=distinguished_name
E: Failed to create CSR file!
[root@mimic gencsr-release]#
[root@mimic gencsr-release]#
[root@mimic gencsr-release]# ./gencsr -n -ks 2048 -k key_file -df dom.list -c gencsr.conf -csr csr_file.csr
Creating new key file: key_file
Generating RSA private key, 2048 bit long modulus
.........+++
........+++
e is 65537 (0x10001)
Successfully created key file: key_file
cat: /etc/ssl/openssl.cnf: No such file or directory
unable to find 'distinguished_name' in config
problems making Certificate Request
140611789330248:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:335:group=req name=distinguished_name
E: Failed to create CSR file!
[root@mimic gencsr-release]#
[root@mimic gencsr-release]#

dom.key file is being created each time, .csr file is not.. I am deleting the dom.key file between runs.

Suggestion: Would be nice to specify a key size without needing to enter the entire command. File or option? ./gencsr 2048 or something similar

neurobin commented 7 years ago

What's your openssl version?

openssl version

This will create a dom.key with 2048 bit key size if the dom.key doesn't exist:

./gencsr -ks 2048

And this will create a new key regardless of whether the dom.key exists or not:

./gencsr -ks 2048 -n

> without needing to enter the entire command

All parameters are optional, you give what you want.

online-stuff commented 7 years ago

> What's your openssl version?

Ouch (to deleted reply), and yes it is installed..

[root@mimic gencsr-release]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

Cool, thanks for the 2048 parameter, and the other options that makes available ;)

neurobin commented 7 years ago

Too old, mine is OpenSSL 1.0.2g 1 Mar 2016

You can try copying the openssl.cnf file to /etc/ssl/ directory:

git clone https://github.com/neurobin/gencsr #download the repo again
cd gencsr #change to gencsr directory
sudo cp openssl.cnf /etc/ssl/openssl.cnf #copy the .cnf file to /etc/ssl/

I uploaded my openssl.cnf file in the repository. If it doesn't work, you will have to update your openssl. Actually you should update it, security tools should always be up to date.

online-stuff commented 7 years ago

I forgot my server had very little RAM.. Before I ran the package updater, I forgot to change a couple limits.. It broke the server.. Middle of a kernel update when it crashed.. haha

Finally recovered..

OpenSSL 1.0.1e-fips 11 Feb 2013

Full version is 1.0.1e-57.el6.. So the HeartBleed issue was patched..

Regardless.. Copying the openssl.cnf file to /etc/ssl/openssl.cnf fixed the issue.
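
An added example, not part of the thread and not gencsr's own code: a preflight check for the two errors in the log above, the `cat: /etc/ssl/openssl.cnf: No such file or directory` line and the `no value ... group=req name=distinguished_name` error. The function names are hypothetical; it assumes the config may live outside /etc/ssl, either named by `OPENSSL_CONF` or under the OPENSSLDIR reported by `openssl version -d` (for example /etc/pki/tls on RHEL-family systems).

```shell
#!/bin/sh
# Added example (not gencsr code): check the OpenSSL config before making a CSR.

# Print the path of a readable OpenSSL config file, or return 1.
# Order: $OPENSSL_CONF, the OPENSSLDIR reported by `openssl version -d`,
# then two common locations (Debian/Ubuntu and RHEL/CentOS).
find_openssl_cnf() {
    if [ -n "${OPENSSL_CONF:-}" ] && [ -r "$OPENSSL_CONF" ]; then
        printf '%s\n' "$OPENSSL_CONF"; return 0
    fi
    dir=$(openssl version -d 2>/dev/null | sed -n 's/^OPENSSLDIR: "\(.*\)"$/\1/p')
    for f in ${dir:+"$dir/openssl.cnf"} /etc/ssl/openssl.cnf /etc/pki/tls/openssl.cnf; do
        [ -r "$f" ] && { printf '%s\n' "$f"; return 0; }
    done
    return 1
}

# Succeed only if FILE has a [req] section with a distinguished_name key
# and the section that key points to also exists in the file.
has_req_dn() {
    awk '
        /^[ \t]*\[/ {                       # section header, e.g. "[ req ]"
            s = $0
            sub(/^[ \t]*\[[ \t]*/, "", s)   # drop leading "[ "
            sub(/[ \t]*\].*$/, "", s)       # drop " ]" and anything after it
            seen[s] = 1
            next
        }
        s == "req" && /^[ \t]*distinguished_name[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)     # keep the value only
            sub(/[ \t]*(#.*)?$/, "", v)     # strip trailing comment/space
            dn = v
        }
        END { exit !(dn != "" && (dn in seen)) }
    ' "$1"
}

# Report which of the two failures from the thread applies (exit 2 or 3).
preflight() {
    cnf=$(find_openssl_cnf) || { echo "E: no readable openssl.cnf found" >&2; return 2; }
    has_req_dn "$cnf" || { echo "E: $cnf: [req] has no usable distinguished_name" >&2; return 3; }
    echo "OK: $cnf"
}
# Usage: preflight && ./gencsr -ks 2048
```
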