OpenSSL PowerShell Generation UTF-8 Fix

I’ve been working on a vRealize Automation distributed environment for some time now. During the time using it, I wanted to try adding a proxy agent, but I decided prior to that I’d deploy a CA in my environment instead of using self-signed certificates across the board. To facilitate this, I used Windows 2016 CA and OpenSSL to generate the pem files I needed for the vSphere appliances. However, lately when I was automating certificate generation in my lab I noticed a particular flaw when generating the openssl.cfg file to materialize the CSR. The following code was used to perform the request:

$opensslCfg = <your_config_information>
$opensslCfg > openssl.cfg
openssl req -new -nodes -out rui.cer -keyout rui-org.key -config "C:/<path_to_config>/openssl.cfg"

Doing this would yield the following error:

unable to find 'distinguished_name' in config
problems making Certificate Request
3252:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:crypto\conf\conf_lib.c:270

After a lot of troubleshooting, I checked a file that had previously worked when manually created and put it in a tool to check for differences. The text was effectively the same. I tried pasting the text into vim on a Linux box to perform the OpenSSL command and found it worked. This certainly puzzled me, and I went so far as to reinstall OpenSSL and ensure the environment variables were correctly configured. Upon further inspection, I found that the UTF encoding of the files was different. PowerShell by default saved it as UTF-16, but the original file that worked was marked as UTF-8. I changed the file generated by PowerShell into UTF-8 and it worked flawlessly.

I used this code to perform the cfg generation instead:

[IO.File]::WriteAllLines($fileName, $opensslCfg)

This resulted in the following code:

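# Full path: .NET file APIs resolve relative paths against the process working directory
$fileName = "C:/<path_to_config>/openssl.cfg"
$opensslCfg = <your_config_information>
# WriteAllLines without an encoding argument writes UTF-8 with no byte order mark
[IO.File]::WriteAllLines($fileName, $opensslCfg)
openssl req -new -nodes -out rui.cer -keyout rui-org.key -config $fileName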
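
To confirm which encoding a generated config actually has before handing it to OpenSSL, the first bytes of the file can be inspected. The following is an added example, not code from the original post; the function name Get-TextFileEncoding, the temp file names and the minimal config contents are constructed for illustration.

```powershell
# Constructed minimal config, only for demonstrating the encoding difference.
$opensslCfg = @'
[ req ]
prompt = no
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
CN = lab-host.example.test
'@

# Hypothetical helper: classify a text file by its byte order mark (BOM).
function Get-TextFileEncoding {
    param([Parameter(Mandatory)][string]$Path)
    # Resolve to a full path: .NET file APIs use the process working
    # directory, which can differ from the current PowerShell location.
    $full  = (Resolve-Path -LiteralPath $Path).ProviderPath
    $bytes = [IO.File]::ReadAllBytes($full)
    $head  = ($bytes | Select-Object -First 4 |
              ForEach-Object { $_.ToString('X2') }) -join ' '
    if     ($head -eq 'FF FE 00 00')      { $enc = 'UTF-32 LE (BOM)' }
    elseif ($head.StartsWith('FF FE'))    { $enc = 'UTF-16 LE (BOM)' }
    elseif ($head.StartsWith('FE FF'))    { $enc = 'UTF-16 BE (BOM)' }
    elseif ($head.StartsWith('EF BB BF')) { $enc = 'UTF-8 (BOM)' }
    elseif ($bytes -contains 0)           { $enc = 'NUL bytes present, likely UTF-16 without BOM' }
    else                                  { $enc = 'no BOM, no NUL bytes (ASCII or UTF-8)' }
    [pscustomobject]@{ Path = $full; FirstBytes = $head; Encoding = $enc }
}

$dir         = [IO.Path]::GetTempPath()
$viaRedirect = Join-Path $dir 'openssl-redirect.cfg'
$viaDotNet   = Join-Path $dir 'openssl-utf8.cfg'

# Redirection: UTF-16 LE with BOM on Windows PowerShell 5.1
# (PowerShell 6 and later default to UTF-8 without BOM).
$opensslCfg > $viaRedirect

# Explicit UTF-8 without BOM, independent of the PowerShell version.
$utf8NoBom = New-Object System.Text.UTF8Encoding $false
[IO.File]::WriteAllLines($viaDotNet, [string[]]$opensslCfg, $utf8NoBom)

# Compare the two files; FirstBytes shows the BOM, if any.
Get-TextFileEncoding $viaRedirect
Get-TextFileEncoding $viaDotNet
```

On Windows PowerShell 5.1 the first file reports FF FE as its leading bytes, while the second starts directly with the bytes of "[ req ]".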
