When I try to sign a request with my own experimental root-ca with "openssl x509 -req -in foo.req -CA ca.crt -CAkey ca.key -out foo.crt", I always get a V1 certificate no matter if I use extensions or not. Signing the same request with "openssl ca -sign -in foo.req -out foo.crt" I get a V3 certificate with the extensions specified in openssl.cnf. How do I get the same result with the x509 command? I thought the ca command is only a sample application (that uses the other applications: req, x509, ...), so it ought to be possible to achieve the same result "by hand". Does anybody know where I can get more Information about extensions and OID's ? Jörg Schulz ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
