OpenSSL Configuration File

Restriction: This topic applies only when the Enterprise Server feature is enabled.

The OpenSSL configuration file provides SSL defaults for items such as:

The configuration file is called openssl.cnf by default and belongs in the same directory as openssl.exe by default. You can specify a different configuration file by using the OPENSSL_CONF environment variable or you can specify alternative configurations within one configuration file.

The configuration file is a text file and comprises several sections, such as:

In the options in the configuration file, all filenames must be given complete with absolute path.

For full details see OpenSSL CA function on the MKS Software site and page down to the section on the Configuration File .

If you receive a warning message like "WARNING: can't open config file: /usr/local/ssl/openssl.cnf" from the OpenSSL utility, set the environment variable OPENSSL_CONF to the location of a suitable openssl.cnf file. One is included with the Micro Focus DemoCA, in the main directory of the DemoCA installation. For example:

Windows:

set OPENSSL_CONF=C:\Program Files (x86)\Micro Focus\DemoCA\openssl.cnf

UNIX:

export OPENSSL_CONF=$COBDIR/DemoCA

Note: This message is only a warning; the openssl command may still perform the function you requested. The openssl.cnf file is primarily used to set default values for the CA function, key sizes for generating new key pairs, and similar configuration. Consult the OpenSSL documentation available at openssl.org for more information.

OpenSSL CA function openssl.org