I am newbie to OPENSSL world.I am trying into install openssl certification on my microsoft exchange server. For this I was following below article step by step. at one place I stuck while createing 'ca' and getting below errors.
I have created index.txt , serial files and have proper permissions.
Using configuration from c:\OpenSSL-Win64\bin\openssl.cfg
C:\OpenSSL-Win64>bin\openssl.exe ca -name ServerCA -policy policy_anything -in SIFY_CA\requests\SIFYSERV4-EXCHANGE.csr -o t SIFY_CA\certs\SIFYSERV4-EXCHANGE-WRONGFORMAT.cer -md sha1 Loading 'screen' into random state - done Enter pass phrase for \\DALLAS\OpenSSL-Win64\SIFY_CA\private\SIFY_CA.key: Error Loading extension section ca_cert 11128:error:02001002:system library:fopen:No such file or directory:.\crypto\bio\bss_file.c:169:fopen('\\DALLAS\OpenSSL-Win64\SIFY_CA\index.txt.attr','rb') 11128:error:2006D080:BIO routines:BIO_new_file:no such file:.\crypto\bio\bss_file.c:172: 11128:error:0E078072:configuration file routines:DEF_LOAD:no such file:.\crypto\conf\conf_def.c:197: 11128:error:2207507C:X509 V3 routines:v2i_GENERAL_NAME_ex:missing value:.\crypto\x509v3\v3_alt.c:537: 11128:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:.\crypto\x509v3\v3_conf.c:93:name=subjectAltName, value=D S:sifytech.com,DNS:www.sifytech.com;DNS:*.sifytech.com,mail.SIFY.com,owa.sifytech.com
openssl.cfg
HOME = \\\\DALLAS\\OpenSSL-Win64 #RANDFILE = $HOME\\.rnd [ca] default_ca = SIFY_CA [SIFY_CA] dir = $HOME\\SIFY_CA certs = $dir\\certs crl_dir = $dir\\crl database = $dir\\index.txt new_certs_dir = $dir\\newcerts certificate = $certs\\SIFY_CA.cer serial = $dir\\serial crl = $crl_dir\\SIFY_CA.crl private_key = $dir\\private\\SIFY_CA.key RANDFILE = $dir\\private\\.rnd unique_subject = no email_in_dn = yes policy = policy_match x509_extensions = ca_cert default_days = 18250 default_crl_days = 18250 default_md = md5 [ServerCA] dir = $HOME\\SIFY_CA certs = $dir\\certs crl_dir = $dir\\crl database = $dir\\index.txt new_certs_dir = $dir\\newcerts certificate = $certs\\SIFY_CA.cer serial = $dir\\serial #####crl = $crl_dir\\ServerCA.crl crl = $crl_dir\\SIFY_CA.crl private_key = $dir\\private\\SIFY_CA.key RANDFILE = $dir\\private\\.rnd unique_subject = no email_in_dn = yes policy = policy_match x509_extensions = ca_cert default_days = 18250 default_crl_days = 18250 default_md = md5 #####copy_extensions = copy #####copy_extensions = none [policy_match] countryName = match stateOrProvinceName = optional organizationName = optional organizationalUnitName = supplied commonName = supplied emailAddress = optional [policy_anything] countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional [req] default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name #attributes = req_attributes x509_extensions = v3_ca req_extensions = v3_req [req_distinguished_name] countryName = Country Name (2 letter code) countryName_default = GB countryName_min = 2 countryName_max = 2 stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = West Midlands localityName = Locality Name (eg, city) localityName_default = Birmingham 0.organizationName = Organization Name (eg, company) 0.organizationName_default = WHLB (Certificate Authority) organizationalUnitName = Organizational Unit Name (eg, section) organizationalUnitName_default = commonName = Common Name (eg, YOUR name) commonName_default = WHLB (Certificate Authority) commonName_max = 64 emailAddress = Email Address emailAddress_max = 64 [v3_ca] #basicConstraints = critical, CA:true, pathlen:0 basicConstraints = CA:true #nsCertType = sslCA #keyUsage = cRLSign, keyCertSign #extendedKeyUsage = serverAuth, clientAuth nsComment = "OpenSSL CA Certificate" crlDistributionPoints = URI:http://dallas.sifytech.com/SIFY_ca/crl/SIFY_CA.crl [v3_req] basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment crlDistributionPoints = URI:http://dallas.sifytech.com/SIFY_ca/crl/SIFY_CA.crl [ca_cert] basicConstraints = CA:true nsComment = "OpenSSL Generated Certificate" subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer:always extendedKeyUsage = serverAuth, clientAuth crlDistributionPoints = URI:https://dallas.sifytech.com/SIFY_ca/crl/SIFY_CA.crl subjectAltName = DNS:sifytech.com,DNS:www.sifytech.com;DNS:*.sifytech.com,mail.intensify.com,owa.sifytech.com
What could be wrong? Did I miss anything here? Help me out?