openSSL config file cannot find distinguished_name

Question

I'm attempting to create a config file in Ubuntu to create a self-signed certificate, but when I attempt to create the certificate key I'm getting the following error:

Here's the actual config in the vim editor, where you can see it does have a distinguished name, so I suspect the real error is whatever is wrong with line 1 - but as you see line one just a comment?

Answer 1

Your [ req ] section appears to be missing the distinguished_name part. EDIT: I see you have it, it's just pointing a wrong or non-existent section. See below for what I have in my own config file, which works.

[ req ]
# Options for the `req` tool (`man req`).
default_bits        = 4096
distinguished_name  = req_distinguished_name
string_mask         = utf8only

# SHA-1 is deprecated, so use SHA-2 instead.
default_md          = sha256

# Extension to add when the -x509 option is used.
x509_extensions     = v3_ca

[ req_distinguished_name ]
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
countryName                     = Country Name (2 letter code)
stateOrProvinceName             = State or Province Name
localityName                    = Locality Name
0.organizationName              = Organization Name
organizationalUnitName          = Organizational Unit Name
commonName                      = Common Name
emailAddress                    = Email Address

Based on what you have, I believe you'll need to insert the following into your [ req ] section:

distinguished_name  = root_ca_distinguished_name