Web Server Build :: Openssl_pkey_new() result: FAIL :: Configuration Fix


Purpose:

This fix is specifically for people using MS IIS on Windows machines. If you are using Apache or some other way to host your site's files… this may or may not help you.

Fix: Openssl_pkey_new() result: Fail

Specific Error:

Openssl_pkey_new() result: fail

error:02001003:system library:fopen:No such process;
error:2006D080:BIO routines:BIO_new_file:no such file;
error:0E064002:configuration file routines:CONF_load:system lib;
error:02001003:system library:fopen:No such process;
error:2006D080:BIO routines:BIO_new_file:no such file;
error:0E064002:configuration file routines:CONF_load:system lib

OVERVIEW:

When attempting an install of a new (to us) ecommerce software that uses encryption to store user data, I was running into a problem with it failing on the generation of keys. The problem was a pain, and the answers to the problem were scattered across Google searches. And like most things we spend time on, the fix is extremely simple.

In my Google researching I also found that this is a very popular problem with PHP developers (at least new ones), and it seems to be related specifically to using PHP and OpenSSL in a Windows environment. In my experience the problem ended up being a sysadmin problem, because it is a server configuration problem, and at least in my case there was nothing wrong with the code.

Being a configuration problem, I will just include the majority of the processes I took to get this web server working, even stuff that didn’t really touch PHP or OpenSSL… just in case.

BUILD:

Microsoft Server 2012 R2

Microsoft IIS + CGI (use server manager to install)

Openssl v1.0 x86 (binary distribution)

PHP 5.3.28 x86 – non thread safe. (if you are not using fast-cgi the recommendation is to use thread safe)

Mysql 5.6.16

Install Process:

Microsoft Server 2012 R2 (google it)

Microsoft IIS + CGI (fast cgi)

Open Server Manager and go to Add Roles.

Pick the IIS role and, under features, locate and check the CGI checkbox.

Openssl v1.0 x86

Go to the openssl.org website and find the binary distribution page. The link will take you here http://slproweb.com/products/Win32OpenSSL.html (from what I can tell it’s a safe page, but use your own intuition and common sense.)

I downloaded the “Win64 Openssl v1.0” installer.

You will probably get an error for C++ 2008 Redistributable not being installed… even if it is installed. Either way I’ve done it with it installed and without and never ran into a problem. So just click OK and continue.

The only other change I made in the Openssl install process was setting the directory path for install to “c:\openssl\” instead of the default.

PHP 5.3.28 x86 – non thread safe

Download the .msi file from the windows.php.net website.

The only change I made in the install was to set the directory path for install to “c:\PHP\”.

MySql 5.6.16

Download the .msi file directly from the mysql.com site.

Follow the install prompts and pick what you want.

Configuration:

The Openssl_pkey_new() result: FAIL error fix.

There are two fundamental problems causing this error.

1. File permissions, which makes a whole heck of a lot more sense of why this is a Windows-specific problem.

2. Path problems… basically PHP cannot find the proper openssl.cnf file or the rest of the directory.

The fix:

1. If you set up your server following my instructions the openssl directory will be located at “c:\openssl\”.

a. Go to the location of your openssl directory.

b. Right click on it and go to properties

c. Go to the security tab, and click edit (you will need admin permissions)

d. Locate or add the “IUSR” group.

e. Add Read & Execute, list folder contents & Read to allow. YOU DO NOT NEED TO ALLOW WRITE PERMISSIONS.

2. Go to Control Panel > System and Security > System > Pick Advanced System Settings (on the left) > in the new window pick “Environment Variables”.

a. In the system variables window (the lower one) scroll down to the “Path” variable.

b. At the end of the list add a semicolon and the path to your OpenSSL bin directory. For example previousfilepath;C:\openSSL\bin

c. DO NOT DELETE OR MODIFY ANYTHING ELSE… YOU WILL BREAK STUFF.

Go test your PHP code with the Openssl_pkey_new() function. You may wish to create a test file that leaves out other portions of code that may be causing other problems and tests only the key creation functionality.
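A test file along those lines, as an added example that is not part of the original post. It assumes the c:\openssl\ install path used above; the helper names and the 2048-bit RSA parameters are choices made for this example, and the syntax is kept compatible with PHP 5.3.

```php
<?php
// Added diagnostic (not from the original post): checks both fix steps, then tries a key.

// Assumption: install path used in this article; change to match your server.
$opensslDir = 'C:\\openssl';
$binDir     = $opensslDir . '\\bin';

// Drain OpenSSL's error queue into an array (oldest entry first).
function drain_openssl_errors()
{
    $errors = array();
    while (($msg = openssl_error_string()) !== false) {
        $errors[] = $msg;
    }
    return $errors;
}

// Case-insensitive check that $dir is one of the entries in a PATH string.
function path_contains($pathValue, $dir)
{
    $want = strtolower(rtrim($dir, '\\/'));
    foreach (explode(PATH_SEPARATOR, (string) $pathValue) as $entry) {
        if (strtolower(rtrim(trim($entry), '\\/')) === $want) {
            return true;
        }
    }
    return false;
}

header('Content-Type: text/plain');

if (!extension_loaded('openssl')) {
    exit("openssl extension is not loaded; enable it in php.ini first\n");
}

// Fix step 1: the web account needs read access to the OpenSSL directory.
echo "dir readable:  ", is_readable($opensslDir) ? 'yes' : 'NO', "\n";
// Fix step 2: the bin directory must be on the system Path.
echo "bin on Path:   ", path_contains(getenv('PATH'), $binDir) ? 'yes' : 'NO', "\n";

drain_openssl_errors(); // discard stale entries left by earlier calls
$key = openssl_pkey_new(array(
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
));
echo "openssl_pkey_new() result: ", $key === false ? 'FAIL' : 'OK', "\n";
foreach (drain_openssl_errors() as $msg) {
    echo "  ", $msg, "\n"; // same error lines as in "Specific Error" above
}
```

Request it through IIS rather than the PHP command line so it runs as the web account, and delete it after testing. Environment variables are read when a process starts, so a Path change only becomes visible to PHP once IIS has been restarted.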

Hope this saves someone some headaches.

Author

Josh Donovan

Systems Administrator for a US based wholesale small electronics repair parts and supplies distribution company. I focus mainly on virtualization and web servers for online ecommerce, active directory/office infrastructure, plus some networking. -- Contact Email -- Josh@alcanweb.com
