[openssl-users] 1st time through, only -- "Can't open root/database.attr for reading, No such file or directory" ?

Jeffrey Walton noloader at gmail.com
Mon Jun 5 01:18:26 UTC 2017


On Sun, Jun 4, 2017 at 8:57 PM, Jeffrey Walton <noloader at gmail.com> wrote:
> On Sun, Jun 4, 2017 at 7:56 PM, PGNet Dev <pgnet.dev at gmail.com> wrote:
>> On 6/4/17 4:51 PM, Jeffrey Walton wrote:
>>>>
>>>> but the process STARTS with an apparently non-fatal error ...
>>>>
>>>>          Using configuration from /home/sec/newCA/openssl.cnf
>>>>          Can't open root/database.attr for reading, No such file or
>>>> directory
>>>>          140013244086016:error:02001002:system
>>>> library:fopen::crypto/bio/bss_file.c:74:fopen('root/database.attr','r')
>>>>          140013244086016:error:2006D080:BIO routines:BIO_new_file:no such
>>>> file:crypto/bio/bss_file.c:81:
>>>
>>>
>>> This usually indicates the OpenSSL conf file cannot be found. Its odd
>>> that "Using configuration from /home/sec/newCA/openssl.cnf" is
>>> reported.
>>>
>>> Maybe you can try `OPENSSL_CONF=/home/sec/newCA/openssl.cnf <command>`
>>> to isolate the issue (or maybe rule out its not a conf file problem).
>>
>>
>> The message above doesn't indicate that openssl.cnf can't be found.  In fact
>> it explcitly states that it IS found and IS using it
>>
>>>>          Using configuration from /home/sec/newCA/openssl.cnf
>>
>> It's the same openssl.cnf used in all the PRIOR steps, with not problem
>> whatsoever.
>>
>> Rather it's
>>
>>>>          Can't open root/database.attr for reading, No such file or
>>>> directory
>>
>> that's not found.
>>
>> I've found that if I simply
>>
>>         touch root/database.attr
>>         touch intermediate/database.attr
>>
>> as already's been done with
>>
>>         touch root/database
>>         touch intermediate/database
>
> Oh, I was not aware you were skipping steps. I guess that explains the
> unusual results.

BTW, I believe you are also supposed to add an initial serial number.
Something like:

    echo "0" > serialno.txt

Check your conf file for the filename.

(The information is somewhere in the docs. It may be in the
Certificates HOWTO or the CA HOWTO).

Jeff


More information about the openssl-users mailing list