OpenSSL not working on Windows, errors 0x02001003 0x2006D080 0x0E064002

I had a similar problem, for me it helped to set the environment variable 'OPENSSL_CONF' manually at the beginning of my script.

Somehow the environment variable wasn't set correctly, or didn't get through to my php (Setup: AMPPS, Win7 64Bit).

The example location used below is the path that you'd have to use with a standard AMPPS installation, so if you are using AMPPS, just copy&paste :

putenv("OPENSSL_CONF=C:\Program Files (x86)\Ampps\php\extras\openssl.cnf");

If you're using Apache 2.4 + mod_fcgid, you can specify OpenSSL conf file by adding FcgidInitialEnv in httpd.conf file:

# OPENSSL CONF
FcgidInitialEnv OPENSSL_CONF "D:/apps/php70/extras/ssl/openssl.cnf"

I'm not using preconfigured package such as WAMP, I've got Apache from Apache Lounge and PHP from windows.php.net and configured by myself.


a few things here :

%PATH% should also contain windows and system32 so your %PATH% should look like c:\windows;c:\windows\system32;E:\wamp\php and in e:\wamp\php should be the openssl dll file

also try the openssl version matching the header version 0.9.8y 5 Feb 2013 download here for 32bit and here for 64bit

this code seems to work for me:

// Create the keypair
$res=openssl_pkey_new();

// Get private key
openssl_pkey_export($res, $privkey);

// Get public key
$pubkey=openssl_pkey_get_details($res);
$pubkey=$pubkey["key"];
$Info = array(
    "countryName" => "UK",
    "stateOrProvinceName" => "Somerset",
    "localityName" => "Glastonbury",
    "organizationName" => "The Brain Room Limited",
    "organizationalUnitName" => "PHP Documentation Team",
    "commonName" => "Wez Furlong",
    "emailAddress" => "[email protected]"
);

// Actual file
$Private_Key = null;
$Unsigned_Cert = openssl_csr_new($Info,$Private_Key);
$Signed_Cert = openssl_csr_sign($Unsigned_Cert,null,$Private_Key,365);
openssl_pkcs12_export_to_file($Signed_Cert,"test.p12",$Private_Key,"123456");

The code below works as expected. BUT if you run openssl_error_string() after the openssl methods it shows error:0E06D06C:configuration file routines:NCONF_get_string:no value which is some notice I have not been able to find documentation on.

Further note that according to http://www.php.net/manual/en/function.openssl-error-string.php you could be seeing mis-leading errors as error messages are queued:

Be careful when using this function to check errors, as it seems to read from a buffer of > errors, which could include errors from another script or process that was using openssl > functions. (I was surprised to find it returing error messages before I had called any > openssl_* functions)

<?php
/* Create the private and public key */
$res = openssl_pkey_new();
openssl_error_string(); // May throw error even though its working fine!

/* Extract the private key from $res to $privKey */
openssl_pkey_export($res, $privKey);
openssl_error_string(); // May throw error even though its working fine!

/* Extract the public key from $res to $pubKey */
$pubKey = openssl_pkey_get_details($res);
$pubKey = $pubKey["key"];

$data = 'i.amniels.com is a great website!';

/* Encrypt the data using the public key
 * The encrypted data is stored in $encrypted */
openssl_public_encrypt($data, $encrypted, $pubKey);

/* Decrypt the data using the private key and store the
 * result in $decrypted. */
openssl_private_decrypt($encrypted, $decrypted, $privKey);

echo $decrypted;
?>