Cannot not install SSL

I have trying to install an SSL certificate as explained above but I keep getting the message "1398445524476352:Error:0E079065 :Configuration file routines:DEFLOADBIO:missing equal sign:conf_def.c:345:line 354". This happens when I try to create the certificate. I have some idea what may have caused this, I tried to install Mail In a Box on the same server which I have since removed however I have no idea on how to fix the problem. Can anyone show how to fix this problem?

5 Replies

Not sure what specific commands you're using, but it sounds like you haven't populated your ssl.cnf file with the information you want embedded in your certificate signing request file (CSR). I based that off this github issue with similar error messages:

https://github.com/alexa/alexa-avs-sample-app/issues/30#issuecomment-203092766

Any specific guide you're following?
What are the contents of your ssl.cnf file?

I was using the Guide "Create a Self-Signed TLS Certificate" and it was when I tried to run (openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out MyCertificate.crt -keyout MyKey.key) in part two that I received the message. I am pretty sure that my attempt to install Mail In A Box on the same server was the big mistake as Mail In A Box tries to install a SSL certificate on the server and that I think that is where the problem is. I just have no idea how to fix this problem.

Mail-in-a-box might have done something funky with OpenSSL. I can't promise that this will fix your problem, but you could try to reinstall OpenSSL:

Debian based Linux (like Ubuntu):

$ sudo apt-get install --reinstall openssl

RHEL based Linux (like CentOS):

$ sudo yum reinstall openssl

That didn't fix the problem. Do you have any other ideas?

Openssl should be interactively asking you for information for the certificate with that command, but it seems like that's not happening here. For example this is what happens when I run that command on a new Linode:

root@li555-55:~# openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out MyCertificate.crt -keyout MyKey.key
Generating a 4096 bit RSA private key
.........................................................................................++
......++
writing new private key to 'MyKey.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:

Perhaps Mail In A Box created an ssl configuration file somewhere that it's using? From what I can tell from their guide, Mail In A Box already creates an un-signed certificate. What's your use case for making another?

Worse comes to worst you could work around this by spinning up a new temporary Linode instance with a fresh Linux install to make the certificate and download the certificate and key.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct