- OpenSSL — Installation under Windows
- Install OpenSSL on a windows machine
- Use OpenSSL on a Windows machine
- b) Generate the private key (.key) and the CSR (Certificate Signing Request)
- Issues encountered on Windows while generating a CSR via one command
- Troubleshooting: execute simplified commands:
- OpenSSL: cases of uses
- Running Openssl from a bash script on windows — Subject does not start with ‘/’
- 2 Answers 2
- What is this magic?
- Installing OpenSSL on Windows 10 and updating PATH
- Install OpenSSL
- Add OpenSSL to your PATH
- How To Install OpenSSL on Windows
- Step 1 – Download OpenSSL Binary
- Step 2 – Run OpenSSL Installer
- Step 3 – Setup Environment Variables
- Step 4 – Run OpenSSL Binary
OpenSSL — Installation under Windows
In some situations, it can be useful to generate a CSR using OpenSSL. This manual describes the installation of OpenSSL under Windows.
- Download the OpenSSL for Windows installation package.
- Double-click the installation file.
- If the following error message appears, you should install Microsoft Visual C++ 2008 Redistributables. The installation file can be downloaded here.
- Double-click the installation file and click on Next
- Click on I accept the agreement, followed by Next.
- Leave the default installation path (C:\OpenSSL-Win32) and click on Next.
- Leave the default Start menu folder (OpenSSL) and click on Next.
- Leave The Windows system directory selected and click on Next.
- Click on Install.
- Click on Finish once the installation has been completed.
OpenSSL for Windows has now been installed and can be found as OpenSSL.exe in C:\OpenSSL-Win32\bin\. Always open the program as Administrator.
Note: The following error message might appear when running OpenSSL:
WARNING: can’t open config file: /usr/local/ssl/openssl.cnf
This can be solved as follows:
- Close OpenSSL.
- Open a Command Prompt (CMD) as Administrator
- Run the following command: SET OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg
- Reboot the computer.
Install OpenSSL on a windows machine
To perform certain cryptographic operations (creation of a private key, generation of a CSR, conversion of a certificate, etc.) on a Windows computer, we can use the OpenSSL tool.
- Go to this website: Download link for OpenSSL
- Scroll down the page and choose the version (in .EXE):
- Win64 OpenSSL v1.X.X : if your OS is 64 bits
- Win32 OpenSSL v1.X.X : if your OS is 32 bits
- For some versions of Windows, you may need to install «Visual C++ 2008 Redistributable».
Use OpenSSL on a Windows machine
By default, OpenSSL for Windows is installed in the following directory:
- if you have installed Win64 OpenSSL v1.X.X: C:\Program Files\OpenSSL-Win64\
- if you have installed Win32 OpenSSL v1.X.X: C:\Program Files (x86)\OpenSSL-Win32\
To launch OpenSSL, open a command prompt with administrator rights.
b) Generate the private key (.key) and the CSR (Certificate Signing Request)
As part of obtaining (or renewing or reissuing) a certificate, you will have to generate a private key and the associated CSR. To do this, we advise you to use our online wizard to build the OpenSSL command with the appropriate parameters.
Open a command prompt with administrator rights (right click, Run as ...). Go to the «bin» subdirectory of the OpenSSL installation folder.
Example of the command to execute:
Save and keep safe the file containing the private key (.key), and copy/paste only the contents of the .csr file into the order form.
Issues encountered on Windows while generating a CSR via one command
Depending on the version of OpenSSL you installed or on the installation method on Windows, you may encounter error messages such as:
- config or req is not recognized as an internal or external command
  Check the syntax and the quotes when executing your command.
- Unable to load config info from /usr/local/ssl/openssl.cnf
  OpenSSL relies here on a default Linux directory layout.
Troubleshooting: execute simplified commands:
Reminder:
- To launch the command prompt, go to the start menu and execute «cmd».
- To paste the following command lines into the command prompt, right click and select paste.
- To go to the directory in which OpenSSL is installed, execute:
- The private key is generated with the following command. Define a file name that suits you:
then use this command to generate the CSR:
On some platforms, the openssl.cnf that OpenSSL reads by default to create the CSR is unsuitable or missing. In this case you can download ours and place it, for example, in C:\Program Files\OpenSSL-Win64\openssl.cnf:
- For DigiCert or Thawte server certificates: openssl-dem-server-cert-thvs.cnf
- For TBS X509 or Sectigo server certificates: openssl-dem-server-cert.cnf
Country Name (2 letter code) []: (FR for example)
State or Province Name (full name) [Some-State]: (the name of your state in full letters)
Locality Name (eg, city) []: (the name of your city)
Organization Name (eg, company) []: (the name of your organization)
Organizational Unit Name (eg, section) []: (leave blank, as advised, or provide a generic term such as «IT department»)
Common Name (eg, YOUR name) []: (the name of the site to be secured)
Email Address []: (leave blank)
Leave the other fields blank; they are optional.
So you get 2 files: site-file.key and site-file.csr. Keep the private key file (site-file.key) securely, then copy / paste the content of the site-file.csr file into the order form at TBS CERTIFICATES.
Warning: Never send us or a third party the private key (site-file.key) otherwise the security of your site may no longer be ensured.
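The key and CSR steps above can also be run without the interactive prompts and then checked before anything is pasted into an order form. The following is an added example, not a command from the original page: the function names and subject values are constructed, and it assumes a POSIX shell that passes arguments unchanged (under Git Bash the -subj value needs the // escaping described in the Q&A further down this page).

```shell
#!/bin/sh
# Added example, not from the original page. Subject values are constructed.

# make_csr BASE SUBJECT: write BASE.key (RSA 2048) and BASE.csr without prompts.
make_csr() {
  base=$1 subject=$2
  # umask 077 so the key file is created readable by its owner only.
  ( umask 077 && openssl genrsa -out "$base.key" 2048 ) 2>/dev/null || return 1
  openssl req -new -key "$base.key" -subj "$subject" -out "$base.csr"
}

# csr_is_safe_to_send BASE: succeeds only if BASE.csr holds no private key
# material and carries the public key that belongs to BASE.key.
csr_is_safe_to_send() {
  base=$1
  if grep -q 'PRIVATE KEY' "$base.csr"; then return 1; fi
  key_pub=$(openssl pkey -in "$base.key" -pubout 2>/dev/null) || return 1
  csr_pub=$(openssl req -in "$base.csr" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$key_pub" ] && [ "$key_pub" = "$csr_pub" ]
}

# Usage (same file names as on the page):
#   make_csr site-file "/C=FR/ST=Some-State/L=City/O=Example Org/CN=www.example.test"
#   csr_is_safe_to_send site-file && echo "site-file.csr matches site-file.key"
```

Only the .csr file leaves the machine; the check fails if the file to be sent contains a private key block or was generated from a different key.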
OpenSSL: cases of uses
OpenSSL is the toolbox mainly used by open-source software for SSL implementation.
Running Openssl from a bash script on windows — Subject does not start with ‘/’
In my script I have:
Running this on Windows in Git Bash 3.1 gives:
Tried escaping the subj like so: -subj \"/C=UK/ST=someplace/L=Provo/O=Achme/CN=$
Still doesn’t work. Any ideas?
2 Answers 2
This issue is specific to MinGW/MSYS which is commonly used as part of the Git for Windows package.
The solution is to pass the -subj argument with leading // (double forward slashes) and then use \ (backslashes) to separate the key/value pairs. Like this:
This will then be magically passed to openssl in the expected form:
So to answer the specific question, you should change the -subj line in your script to the following.
That should be all you need.
What is this magic?
For those curious about exactly what is going on here, I can explain this mystery. The reason is that MSYS reasonably assumes that arguments containing slashes are actually paths. And when those arguments are passed to an executable that hasn’t been compiled specifically for MSYS (like openssl in this case) then it will convert POSIX paths to Win32 paths. The rules for this conversion are quite complex as MSYS tries its best to cover most common scenarios for interoperability. This also explains why using openssl from a windows command prompt (cmd.exe) works fine, because no magical conversions are made.
You can test the conversion like this.
We can’t use the echo executable that comes with MSYS since it was compiled for MSYS, instead we’ll use the echo builtin in cmd. Notice that since cmd switches start with / (common for windows commands) we need to handle that with double slashes. As we can see in the output the argument was expanded to a windows path and it becomes clear why openssl does indeed claim that Subject does not start with ‘/’.
Let’s see some more conversions.
Double slashes make MSYS believe the argument is a windows style switch which results in stripping a / only (no path conversion). You would think that with this we could just use slashes to add more key/value pairs. Let’s try that.
Suddenly the double slashes at the start aren’t stripped down. This is because now, with a slash following the initial double slashes, MSYS thinks we are referencing a UNC path (e.g. //server/path). If this was passed to openssl it would skip the first key/value saying Subject Attribute /O has no known NID, skipped.
Here is the relevant rule from the MinGW wiki explaining this behavior:
- An argument starting with 2 or more / is considered an escaped Windows style switch and will be passed with the leading / removed and all \ changed to /.
- Except that if there is a / following the leading block of /, the argument is considered to be a UNC path and the leading / is not removed.
In this rule we can see the method we could use to create the argument we want, since all \ that follow in an argument starting with // will be converted to plain /. Let’s try that out.
And as we can see it does work.
Hope this demystifies the magic a little bit.
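The two MinGW wiki rules quoted in the answer above can be modelled in plain shell, together with a helper that builds the escaped -subj value only when the script runs under MSYS. This is an added example, not code from the original post: the function names are hypothetical, the CN and O values in the comments are constructed, and it assumes no subject value itself contains a / character.

```shell
#!/bin/sh
# Added example (not from the original answer). Models only the two MinGW wiki
# rules quoted above; the real MSYS conversion has more cases.

# escape_subj SUBJECT UNAME_S: the -subj value to type on that platform.
escape_subj() {
  subj=$1 uname_s=$2
  case $uname_s in
    MINGW*|MSYS*)
      # "/C=UK/O=Achme" -> "//C=UK\O=Achme"
      body=${subj#/}
      printf '//%s\n' "$(printf '%s' "$body" | tr '/' '\\')" ;;
    *) printf '%s\n' "$subj" ;;
  esac
}

# msys_model ARG: what a native Windows program receives for ARG.
msys_model() {
  arg=$1
  case $arg in
    //*)
      lead=${arg%%[!/]*}            # leading block of "/"
      rest=${arg#"$lead"}
      case $rest in
        */*) printf '%s\n' "$arg" ;;                       # UNC rule: kept as is
        *)   printf '%s\n' "${arg#/}" | tr '\\' '/' ;;     # escaped-switch rule
      esac ;;
    /*) printf '%s\n' '<rewritten as a Win32 path>' ;;     # not modelled in detail
    *)  printf '%s\n' "$arg" ;;
  esac
}

# Usage in a script that must run on both Linux and Git Bash:
#   openssl req ... -subj "$(escape_subj "$SUBJ" "$(uname -s)")"
```

Feeding the escaped value through msys_model returns the original subject, which is the round trip the answer demonstrates by hand with cmd's echo.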
Installing OpenSSL on Windows 10 and updating PATH
I recently discovered a convoluted way to build an iOS .ipa package without using a MacBook. It involves many steps, one of which is using OpenSSL for Windows. Instead of creating one huge blog post with all steps defined in detail, I decided to split them up in bite-size articles. This is one of them. Here I will teach you to do the following:
- Install OpenSSL
- Add OpenSSL to your PATH
Install OpenSSL
This step is a simple one. Simply choose the version that applies to your PC from here. As an example, I chose the Win64 OpenSSL v1.1.1g MSI (not the light version) from the table:
Run the EXE or MSI with default settings till completion and that should take care of installing OpenSSL!
Add OpenSSL to your PATH
Why do we want to do this? First off, it’s not a necessity, it just makes it more convenient to use OpenSSL from the command line in the directory of your choice. After the initial install, the openssl.exe is only available from the directory where it resides, namely:
You could open a command prompt from here and perform the operations you want, but as I am using this to create a Certificate Signing Request (CSR) for a specific purpose, I like to create that from the directory where I’d like to keep that CSR. To do that, let’s add it to our PATH, which we can find in the Environment Variables. Here we go:
- Hit the Windows button on your keyboard or click it in the task bar, then search for “Environment Variables”.
How To Install OpenSSL on Windows
OpenSSL is a full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is licensed under an Apache-style license. This tutorial will help you to install OpenSSL on Windows operating systems.
Step 1 – Download OpenSSL Binary
Download the latest OpenSSL windows installer file from the following download page. Click the below link to visit OpenSSL download page:
Step 2 – Run OpenSSL Installer
Now run the OpenSSL installer on your system. OpenSSL requires Microsoft Visual C++ to be installed on your system. If your system doesn’t have Microsoft Visual C++ installed, the installer will show you a message like:
Click Yes to download and install required Microsoft Visual C++ package on your system.
Then again run the OpenSSL installer and follow the wizard.
Step 3 – Setup Environment Variables
Now set the environment variables so that OpenSSL functions properly on your system. You are required to set the OPENSSL_CONF and Path environment variables.
Set OPENSSL_CONF Variable:
Set Path Variable:
Step 4 – Run OpenSSL Binary
Open a command prompt and type openssl to get the OpenSSL prompt. Then run the version command at the OpenSSL prompt to view the installed OpenSSL version.