[openssl-users] Permission denied while creating the key

Jakob Bohm jb-openssl at wisemo.com
Fri Apr 10 11:47:03 UTC 2015

On 10/04/2015 13:06, Sudhakar.Shanmugam wrote:
> I’m facing below error while creating the private key, has anyone 
> encountered this error?
> mftlx1001[/opt/mft/shared/software]> openssl genrsa -out mfra.key 2048 
> -config openssl.cnf
> mfra.key: Permission denied
> 32096:error:0200100D:system library:fopen:Permission 
> denied:bss_file.c:352:fopen('mfra.key','w')
> 32096:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
You are trying to save the secret key in

You are not running as root (this is GOOD!).

You are not supposed to (and not allowed to) put the key
file there, because that directory is only supposed to
contain software AND because everybody else can read that

You should put the key in a directory where only you have
access, and where you do have write access.

For example

[/home/Sudhakar.Shanmugam/secrets]>chmod 0700 .

[/home/Sudhakar.Shanmugam/secrets]>umask 077

genrsa -out mfra.key 2048 -config /opt/mft/shared/software/openssl.cnf

Please try not to get hacked.


Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list