Interpreting OpenSSL Error Messages

OpenSSL produces many error messages which can appear cryptic at times. This topic does not explain all the OpenSSL error messages, but it provides some guidance on how to interpret the messages.

Here is a typical OpenSSL error message that is caused by failing to set the SSLDIR environment variable to a directory containing openssl.cnf:

C:\Program Files\Micro Focus\DemoCA>openssl ca -revoke srvsert3.p12
Using configuration from /usr/local/ssl/openssl.cnf
error loading the config file '/usr/local/ssl/openssl.cnf'
3792:error:02001003:system library:fopen:No such process:.\crypto\bio\bss_file.c
3792:error:2006D080:BIO routines:BIO_new_file:no such file:.\crypto\bio\bss_file
3792:error:0E064072:configuration file routines:CONF_load:no such file:.\crypto\

The structure breaks down as follows:

Within each code layer specific location information is provided about what status was generated, within which source module and guidance as to the parameter that caused the error.

The important information is usually found in the final line. In this case, the text “no such file” indicates the symptom of the failure. The file might exist but has the wrong location specified, this will require you to modify the SSLDIR accordingly.

The OpenSSL Web site has several relevant sections, in particular the HOW TO sections.

openssl dsa -in srvkey.pem -out keyout.pem
read DSA key
Enter PEM pass phrase:
unable to load Key
2588:error:06078081:digital envelope routines:EVP_PKEY_get1_DSA:expecting a dsa