> check out the doc/openssl.txt file.

Thanks, that did the trick. This information should
probably be put in the man page, or at least referenced
by it.

As a quick reference for others, the steps I performed
to get the x509v3 fields I needed were to create a config file:
----- ext.conf -----
# Default values, overridden by environment variables
USAGE="digitalSignature,keyCertSign"
CONSTRAINTS="CA:false"
IPADDR="0.0.0.0"
# Fill in altname, constraints and keyusage from environment settings
[extensions]
basicConstraints=critical,$ENV::CONSTRAINTS
subjectAltName=IP:$ENV::IPADDR
keyUsage=$ENV::USAGE
---- end ext.conf ----
and then reference these from the x509 commands:

export IPADDR=1.2.3.4
export CONSTRAINTS="CA:true,pathlen:1"
openssl x509 -req -days $LIFE -in $CSR -CA $CACERT -CAkey $CAKEY \
    -CAcreateserial -out $CERT \
    -extfile ext.conf -extensions extensions

> Greg Stark
> Ethentica, Inc.
> [EMAIL PROTECTED]
Tim N.
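
Added example (not part of the original post or of OpenSSL): a shell script that signs a throwaway CSR with the ext.conf shown above and then inspects the issued certificate's extensions, including the case where keyCertSign lands on a CA:FALSE certificate, which is what the file's default values produce. The demo CA, the subjects, the 1-day lifetime and the function names issue_cert and signs_without_ca are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Subjects, file names and the 1-day lifetime are constructed.

# Sign a throwaway CSR using the post's ext.conf; print the certificate text.
# usage: issue_cert IPADDR CONSTRAINTS USAGE
issue_cert() {
    work=$(mktemp -d) || return 1
    cat > "$work/ext.conf" <<'EOF'
# Default values, overridden by environment variables
USAGE="digitalSignature,keyCertSign"
CONSTRAINTS="CA:false"
IPADDR="0.0.0.0"
[extensions]
basicConstraints=critical,$ENV::CONSTRAINTS
subjectAltName=IP:$ENV::IPADDR
keyUsage=$ENV::USAGE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Demo CA' \
        -keyout "$work/ca.key" -out "$work/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj '/CN=demo-leaf' \
        -keyout "$work/leaf.key" -out "$work/leaf.csr" 2>/dev/null &&
    IPADDR="$1" CONSTRAINTS="$2" USAGE="$3" openssl x509 -req -days 1 \
        -in "$work/leaf.csr" -CA "$work/ca.crt" -CAkey "$work/ca.key" \
        -CAcreateserial -out "$work/leaf.crt" \
        -extfile "$work/ext.conf" -extensions extensions 2>/dev/null &&
    openssl x509 -in "$work/leaf.crt" -noout -text
    rc=$?
    rm -rf "$work"
    return "$rc"
}

# Succeeds when the certificate text asserts keyCertSign without CA:TRUE,
# a combination RFC 5280 (section 4.2.1.9) forbids.
signs_without_ca() {
    printf '%s\n' "$1" | grep -q 'Certificate Sign' || return 1
    ! printf '%s\n' "$1" | grep -q 'CA:TRUE'
}

# Demo: the config's default values, then the values exported in the post.
default_text=$(issue_cert 0.0.0.0 CA:false digitalSignature,keyCertSign)
ca_text=$(issue_cert 1.2.3.4 CA:true,pathlen:1 digitalSignature,keyCertSign)
printf '%s\n' "$ca_text" | grep -A1 'X509v3'
if signs_without_ca "$default_text"; then
    echo "defaults: keyCertSign asserted on a CA:FALSE certificate"
fi
```

openssl x509 -req writes whatever the extension section resolves to without checking it for consistency, so a check like signs_without_ca belongs after every signing run that takes its extensions from the environment.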