On Mon, May 02, 2005, Andrea Cogliati wrote: > Guys, > > I'm trying to use 0.9.8-dev (SNAP-20050428) to issue domain controller > certificates for Windows Smart Card logon. I get this error when using > FORMAT:HEX modifier with OCT type: > > Error Loading extension section dc_cert > 3550:error:0E06D06C:configuration file routines:NCONF_get_string:no > value:conf_lib.c:329:group=CA_default name=email_in_dn > 3550:error:22075093:X509 V3 routines:v2i_GENERAL_NAME:othername > error:v3_alt.c:501: > 3550:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in > extension:v3_conf.c:93:name=subjectAltName, > value=otherName:1.3.6.1.4.1.311.25.1;FORMAT:HEX,OCT: > 010203040506070809101112 > 13141516 > > > This is my dc_cert section, offending line is the last one: > > [ dc_cert ] > > crlDistributionPoints = URI:http://pig-dc/demoCA/crl.pem > extendedKeyUsage = clientAuth,serverAuth > basicConstraints = CA:FALSE > keyUsage = nonRepudiation, digitalSignature, keyEncipherment > msCertTemplate = ASN1:BMP:DomainController > subjectAltName = > otherName:1.3.6.1.4.1.311.25.1;FORMAT:HEX,OCT: > 010203040506070809101112131415 > 16 > > > If I don't use FORMAT:HEX, everything runs fine. Any advise? >
http://www.openssl.org/docs/apps/x509v3_config.html#NOTES Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
