What I have been trying is along the lines of the config file included below, and the complaint from openssl req is:
Error Loading extension section v3_req
28763:error:2207C081:X509 V3 routines:DO_EXT_CONF:unknown extension:v3_conf.c:128:
28763:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in extension:v3_conf.c:92:name=msOID2, value=V0.0
Is there any more complete documentation on the config file format? I have not yet found any "formal" explanation of constructs like:
certificatePolicies = ia5org,@policy
What else are we not being told? :-)
Thanks, Bob.
------------------------------------------------------------------------
#OpenSSL config file
dir = .
oid_section = new_oids

[ ca ]
default_ca = CA_default

[ CA_default ]
serial = $dir/serial
database = $dir/certindex.txt
new_certs_dir = $dir/certs
certificate = $dir/jasomi.com-cacert.pem
private_key = $dir/jasomi.com-cakey.pem
default_days = 3650
default_md = sha1
preserve = no
email_in_dn = no
nameopt = default_ca
certopt = default_ca
policy = policy_match
x509_extensions = v3_ca

[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
default_bits = 2048 # Size of keys
default_keyfile = key.pem # name of generated keys
default_md = sha1 # message digest algorithm
string_mask = nombstr # permitted characters
distinguished_name = req_distinguished_name
x509_extensions = v3_req
oid_section = new_oids
[ req_distinguished_name ]
# Variable name Prompt string
#------------------------- ----------------------------------
0.organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
emailAddress = Email Address
emailAddress_max = 40
localityName = Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName = Common Name (hostname, IP, or your name)
commonName_max = 64
# Default values for the above, for consistency and less typing.
# Variable name Value
#------------------------ ------------------------------
0.organizationName_default = Jasomi Networks Inc.
localityName_default = Calgary
stateOrProvinceName_default = Alberta
countryName_default = CA
organizationalUnitName_default = Engineering Department
emailAddress_default = [EMAIL PROTECTED]
commonName_default = jasomi.com

[ v3_ca ]
# subjectAltName=${ENV::ALTNAME}
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
keyUsage = digitalSignature, keyCertSign, cRLSign
crlDistributionPoints = URI:http://www.jasomi.com/CRL
# msOID2 = V0.0
msOID1 = CA

[ v3_req ]
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
keyUsage = digitalSignature, keyCertSign, cRLSign
crlDistributionPoints = URI:http://www.jasomi.com/CRL
# msOID2 = V0.0
msOID1 = DomainController

[ new_oids ]
# MS Certificate Template Name
msOID1 = 1.3.6.1.4.1.311.20.2
# MS something or other (CA version?)
msOID2 = 1.3.6.1.4.1.311.21.1

--
Bob Bramwell           Jasomi Networks (Canada) | This space
Ph: 403 269 2938 x155  #310 602 11th Ave SW     | intentionally
FX: 403 269 2993       Calgary, AB, T2R 1J8     | left blank.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
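
Added example, not part of the original post and not OpenSSL project code: OpenSSL reports "unknown extension" for an OID it has no built-in handler for, and takes such extensions in the arbitrary form name = DER:hex. The Python below builds those DER values for the two OIDs in [ new_oids ], assuming the template name is carried as a BMPString and the CA version as an INTEGER (V0.0 taken as 0); the function names are illustrative.

```python
# Added example: build "DER:" values for OIDs OpenSSL has no extension
# handler for. Assumptions (not stated in the post): the template name is
# a BMPString and the CA version is an INTEGER.

def der_len(n: int) -> bytes:
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    """Tag, length, value for a primitive universal type."""
    return bytes([tag]) + der_len(len(content)) + content


def der_bmpstring(text: str) -> bytes:
    """BMPString (tag 0x1E): two bytes per character, big-endian."""
    if any(ord(c) > 0xFFFF for c in text):
        raise ValueError("BMPString cannot carry characters outside the BMP")
    return der_tlv(0x1E, text.encode("utf-16-be"))


def der_integer(value: int) -> bytes:
    """INTEGER (tag 0x02): minimal big-endian encoding, non-negative only."""
    if value < 0:
        raise ValueError("only non-negative values are handled here")
    size = value.bit_length() // 8 + 1  # extra byte keeps the sign bit clear
    return der_tlv(0x02, value.to_bytes(size, "big"))


def config_line(name: str, der: bytes) -> str:
    """Format as an OpenSSL arbitrary-extension line: name = DER:hh:hh:..."""
    return f"{name} = DER:" + ":".join(f"{b:02x}" for b in der)


if __name__ == "__main__":
    # Names msOID1/msOID2 are the ones the post defines in [ new_oids ].
    print(config_line("msOID1", der_bmpstring("DomainController")))
    print(config_line("msOID2", der_integer(0)))
```

The printed lines are meant to replace the plain-text msOID1 and msOID2 values in an extension section.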