Hello,

I have a problem with OIDs during CA root certificate renewal. I am using openssl 0.9.6b. I've performed the following steps:

1) Converting the existing certificate to a CSR:

    openssl x509 -x509toreq -in old_cert.pem -signkey PrivKey.pem -out careq.csr

2) Signing the request with the existing private key:

    openssl x509 -req -days 333 -extfile openssl.cnf -extensions v3_ca -signkey PrivKey.pem -in careq.csr -out cacert.pem

I've tried two options in the openssl.cnf file. In either case I got an error when I executed the second command.

* First option:

    oid_section=new_oids

    [ new_oids ]
    AOID=a.b.c.d.e.f.g
    BOID=${AOID}.h
    COID=${BOID}.i.j.k

    [ policy01 ]
    policyIdentifier=COID

    [ v3_ca ]
    ...
    certificatePolicies=ia5org, @policy01
    ...

  I've got:

    Error Loading extension section v3_ca
    487:error:2208306E:X509 V3 routines:POLICY_SECTION:invalid object\
    identifier:v3_cpols.c:159:section:policy01,name:policyIdentifier,value:COID
    487:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in extension:v3_conf.c:91:name=certificatePolicies,\
    value=ia5org, @policy01

* Second option:

    [ policy01 ]
    policyIdentifier=a.b.c.d.e.f.g.h.i.j.k

    [ v3_ca ]
    ...
    certificatePolicies=ia5org, @policy01
    ...

  I've got:

    Error Loading extension section v3_ca
    491:error:0D06B089:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:130:
    491:error:0D081065:asn1 encoding routines:d2i_ASN1_OBJECT:bad object header:a_object.c:217:
    491:error:2208306E:X509 V3 routines:POLICY_SECTION:invalid object\
    identifier:v3_cpols.c:159:section:policy01,name:policyIdentifier,value:a.b.c.d.e.f.g.h.i.j.k
    491:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in extension:v3_conf.c:91:name=certificatePolicies,\
    value=ia5org, @policy01

How can I address this issue?

Thank you in advance,
Arsen.

--
PGP Key: ID 0xBBE3DFD8 (expires: 2006-08-03)
Fingerprint: 1C3B 2C01 40DF ED87 23B1 BF6F 95C4 2E77 BBE3 DFD8