error openssl with Exchange server 2013?

I am newbie to OPENSSL world.I am trying into install openssl certification on my microsoft exchange server. For this I was following below article step by step. at one place I stuck while createing 'ca' and getting below errors.

I have created index.txt , serial files and have proper permissions.

article: http://www.stephen-scotter.net/computers/windows/exchange/using-openssl-to-create-a-certificate-for-exchange-2010

Using configuration from c:\OpenSSL-Win64\bin\openssl.cfg 

C:\OpenSSL-Win64>bin\openssl.exe ca -name ServerCA -policy policy_anything -in SIFY_CA\requests\SIFYSERV4-EXCHANGE.csr -o 
t SIFY_CA\certs\SIFYSERV4-EXCHANGE-WRONGFORMAT.cer -md sha1 
Loading 'screen' into random state - done 
Enter pass phrase for \\DALLAS\OpenSSL-Win64\SIFY_CA\private\SIFY_CA.key: 
Error Loading extension section ca_cert 
11128:error:02001002:system library:fopen:No such file or directory:.\crypto\bio\bss_file.c:169:fopen('\\DALLAS\OpenSSL-Win64\SIFY_CA\index.txt.attr','rb') 
11128:error:2006D080:BIO routines:BIO_new_file:no such file:.\crypto\bio\bss_file.c:172: 
11128:error:0E078072:configuration file routines:DEF_LOAD:no such file:.\crypto\conf\conf_def.c:197: 
11128:error:2207507C:X509 V3 routines:v2i_GENERAL_NAME_ex:missing value:.\crypto\x509v3\v3_alt.c:537: 
11128:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:.\crypto\x509v3\v3_conf.c:93:name=subjectAltName, value=D 
S:sifytech.com,DNS:www.sifytech.com;DNS:*.sifytech.com,mail.SIFY.com,owa.sifytech.com

openssl.cfg

HOME     = \\\\DALLAS\\OpenSSL-Win64 
#RANDFILE = $HOME\\.rnd 

[ca] 
default_ca = SIFY_CA 

[SIFY_CA] 
dir              = $HOME\\SIFY_CA 
certs            = $dir\\certs 
crl_dir          = $dir\\crl 
database         = $dir\\index.txt 
new_certs_dir    = $dir\\newcerts 
certificate      = $certs\\SIFY_CA.cer 
serial           = $dir\\serial 
crl              = $crl_dir\\SIFY_CA.crl 
private_key      = $dir\\private\\SIFY_CA.key 
RANDFILE         = $dir\\private\\.rnd 
unique_subject   = no 
email_in_dn      = yes 
policy           = policy_match 
x509_extensions  = ca_cert 
default_days     = 18250 
default_crl_days = 18250 
default_md       = md5 


[ServerCA] 
dir              = $HOME\\SIFY_CA 
certs            = $dir\\certs 
crl_dir          = $dir\\crl 
database         = $dir\\index.txt 
new_certs_dir    = $dir\\newcerts 
certificate      = $certs\\SIFY_CA.cer 
serial           = $dir\\serial 
#####crl              = $crl_dir\\ServerCA.crl 
crl              = $crl_dir\\SIFY_CA.crl 
private_key      = $dir\\private\\SIFY_CA.key 
RANDFILE         = $dir\\private\\.rnd 
unique_subject   = no 
email_in_dn      = yes 
policy           = policy_match 
x509_extensions  = ca_cert 
default_days     = 18250 
default_crl_days = 18250 
default_md       = md5 
#####copy_extensions  = copy 
#####copy_extensions  = none 

[policy_match] 
countryName            = match 
stateOrProvinceName    = optional 
organizationName       = optional 
organizationalUnitName = supplied 
commonName             = supplied 
emailAddress           = optional 

[policy_anything] 
countryName            = optional 
stateOrProvinceName    = optional 
localityName           = optional 
organizationName       = optional 
organizationalUnitName = optional 
commonName             = supplied 
emailAddress           = optional 

[req] 
default_bits       = 2048 
default_keyfile    = privkey.pem 
distinguished_name = req_distinguished_name 
#attributes        = req_attributes 
x509_extensions    = v3_ca 
req_extensions     = v3_req 

[req_distinguished_name] 
countryName = Country Name (2 letter code) 
countryName_default = GB 
countryName_min = 2 
countryName_max = 2 
stateOrProvinceName = State or Province Name (full name) 
stateOrProvinceName_default = West Midlands 
localityName    = Locality Name (eg, city) 
localityName_default            = Birmingham 
0.organizationName  = Organization Name (eg, company) 
0.organizationName_default  = WHLB (Certificate Authority) 
organizationalUnitName  = Organizational Unit Name (eg, section) 
organizationalUnitName_default  = 
commonName  = Common Name (eg, YOUR name) 
commonName_default  = WHLB (Certificate Authority) 
commonName_max  = 64 
emailAddress    = Email Address 
emailAddress_max    = 64 


[v3_ca] 
#basicConstraints      = critical, CA:true, pathlen:0 
basicConstraints      = CA:true 
#nsCertType            = sslCA 
#keyUsage              = cRLSign, keyCertSign 
#extendedKeyUsage      = serverAuth, clientAuth 
nsComment             = "OpenSSL CA Certificate" 
crlDistributionPoints = URI:http://dallas.sifytech.com/SIFY_ca/crl/SIFY_CA.crl

[v3_req] 
basicConstraints      = CA:FALSE 
keyUsage              = nonRepudiation, digitalSignature, keyEncipherment 
crlDistributionPoints = URI:http://dallas.sifytech.com/SIFY_ca/crl/SIFY_CA.crl

[ca_cert] 
basicConstraints       = CA:true 
nsComment              = "OpenSSL Generated Certificate" 
subjectKeyIdentifier   = hash 
authorityKeyIdentifier = keyid, issuer:always 
extendedKeyUsage       = serverAuth, clientAuth 
crlDistributionPoints = URI:https://dallas.sifytech.com/SIFY_ca/crl/SIFY_CA.crl
subjectAltName        = DNS:sifytech.com,DNS:www.sifytech.com;DNS:*.sifytech.com,mail.intensify.com,owa.sifytech.com 

What could be wrong? Did I miss anything here? Help me out?


February 8th, 2015 10:52am

Check whether this issue caused by Firewall. Disable Firewall and create a Exchange request, create a certificate on Public CA.

Free Windows Admin Tool Kit Click here and download it now
February 12th, 2015 3:44am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics