Guys,
I'm trying to use 0.9.8-dev (SNAP-20050428) to issue domain controller certificates for Windows Smart Card logon. I get this error when using FORMAT:HEX modifier with OCT type:
Error Loading extension section dc_cert
3550:error:0E06D06C:configuration file routines:NCONF_get_string:no
value:conf_lib.c:329:group=CA_default name=email_in_dn
3550:error:22075093:X509 V3 routines:v2i_GENERAL_NAME:othername
error:v3_alt.c:501:
3550:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in
extension:v3_conf.c:93:name=subjectAltName,
value=otherName:1.3.6.1.4.1.311.25.1;FORMAT:HEX,OCT: 010203040506070809101112
13141516
This is my dc_cert section, offending line is the last one:
[ dc_cert ]
crlDistributionPoints = URI:http://pig-dc/demoCA/crl.pem
extendedKeyUsage = clientAuth,serverAuth
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
msCertTemplate = ASN1:BMP:DomainController
subjectAltName =
otherName:1.3.6.1.4.1.311.25.1;FORMAT:HEX,OCT: 010203040506070809101112131415
16
If I don't use FORMAT:HEX, everything runs fine. Any advise?
TIA,
Andrea
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
