NetTalk Central

Author Topic: Local SSL reset  (Read 5194 times)

markster

  • Full Member
  • ***
  • Posts: 204
    • View Profile
    • Email
Local SSL reset
« on: July 14, 2014, 01:37:17 PM »
I was fiddling with a self-created SSL certificate and NT SSL a number of months back, but opted back out during a whole lot of development. Now I need to reactivate the SSL. In the NT docs, it describes the self-certification process. So I run the CreateCACertificate.bat file, but I keep getting the error: can't open config file: usr/local/ssl/openssl.cnf.

How do I resolve this so that I can rerun the certificate making process?

Thanks,

Mark

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11250
    • View Profile
Re: Local SSL reset
« Reply #1 on: July 18, 2014, 06:19:04 AM »
which NetTalk build?

markster

  • Full Member
  • ***
  • Posts: 204
    • View Profile
    • Email
Re: Local SSL reset
« Reply #2 on: July 18, 2014, 08:11:18 AM »
C9, NT 8.18.

Mark

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11250
    • View Profile
Re: Local SSL reset
« Reply #3 on: July 20, 2014, 11:06:47 PM »
I'm not getting the same effect here. As far as I recall that BAT file no longer uses that set of settings anymore... Look in the BAT file to see if there's a reference to it?

cheers
Bruce

markster

  • Full Member
  • ***
  • Posts: 204
    • View Profile
    • Email
Re: Local SSL reset
« Reply #4 on: July 21, 2014, 10:13:24 AM »
Bruce, It turns out that it's not anything in the BAT file. The BAT file calls OpenSSL.Exe. When OpenSSL.EXE runs(either from the BAT file or if I start it up directly), it displays the following error:

WARNING: can't open file: \usr\local\ssl\openssl.cnf

Any ideas?

Thanks,

Mark


Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11250
    • View Profile
Re: Local SSL reset
« Reply #5 on: July 22, 2014, 07:22:41 AM »
I'm not getting the same effect as you - so let's try and track back a bit...

a) Google gives this advice;
http://techtalk.n3tlab.com/2012/06/openssl-windows-how-to-install-use-and.html

(that page suggests: ) Type at prompt:
set OPENSSL_CONF=c:\openssl-win32\bin\openssl.cfg  (if you don't run this line you will get the following error: WARNING: can’t open config file: /usr/local/ssl/openssl.cnf

However on my machine I checked in SET and I'm not seeing any setting of that nature. Maybe you have something set for OPENSSL_CONF ?

If I go to \clarion9\accessory\bin folder and just type
openSSL
I see the prompt
OpenSSL>

You can press Ctrl-C to quit.

Do you see the conf error if you do this?

Cheers
Bruce


urayoan

  • Full Member
  • ***
  • Posts: 222
    • View Profile
    • AZ Rock Radio
Re: Local SSL reset
« Reply #6 on: July 22, 2014, 08:26:26 AM »
Bruce, for some reason this is broken a long time ago. I did use the old tools provided in C6 (shame on me) to generate the requests.



[attachment deleted by admin]

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11250
    • View Profile
Re: Local SSL reset
« Reply #7 on: July 23, 2014, 04:26:52 AM »
interesting. I don't see the warning. I'm guessing the warning can be ignored.
I wonder what is different on your machine to my machine.

cheers
Bruce

urayoan

  • Full Member
  • ***
  • Posts: 222
    • View Profile
    • AZ Rock Radio
Re: Local SSL reset
« Reply #8 on: July 23, 2014, 05:55:46 AM »
Bruce, maybe your system environment variables has the path for the config file and when the bat file starts does not give the warning.

Something like this

OPENSSL_CONF=c:\[PATH TO YOUR OPENSSL DIRECTORY]\bin\openssl.cfg

Cheers

markster

  • Full Member
  • ***
  • Posts: 204
    • View Profile
    • Email
Re: Local SSL reset
« Reply #9 on: July 23, 2014, 01:48:37 PM »
I believe I had multiple versions of the openssl.exe file. I installed the package to my c:\drive in the OpenSSL-Win32 folder and the exe file is in the \bin subfolder. When I deleted the redundant exe in the clarion accessory bin folder and reran the CreateCACertificate bat file, I no longer had the error. As soon as I get some time, I'll try to rerun the certificate generating process.

Mark