List,
I run a local CA and I wish to use the OpenSSL certificates to cipher the EFS ops. To do so, I need to generate the certificates with the extended OID 1.3.6.1.4.1.311.10.3.4 (listed as msEFS on objects.h).

My certificate generation flow is:

    openssl req -nodes -new -x509 \
        -keyout /etc/CA/certs/key.pem \
        -out /etc/CA/certs/cert.pem -days 365

    openssl x509 -x509toreq -in /etc/CA/certs/cert.pem \
        -signkey /etc/CA/certs/key.pem \
        -out /etc/CA/certs/tmp.pem

    openssl ca -policy policy_anything \
        -out /etc/CA/certs/cert.pem \
        -infiles /etc/CA/certs/tmp.pem

I've tried creating a file named ext_oids, containing:

    [ ext_client ]
    # OID:1.3.6.1.4.1.311.10.3.4 (msEFS) Microsoft Encrypted File System
    extendedKeyUsage=msEFS
    subjectAltName=email:copy

And appended to step 2 (openssl x509):

    -extfile /etc/CA/ext_oids -extensions ext_client

Didn't work. Any hint?

Rodrigo.
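
An added example, not part of the original message and not code from the OpenSSL project: a self-contained shell sketch in which the ext_client section from the post is passed to the signing command (here openssl x509 -req with a throwaway CA, swapped in for openssl ca so that no CA directory is needed), followed by a check that the issued certificate carries the msEFS extended key usage. The function names, subject names, e-mail address and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example: throwaway CA plus a user certificate carrying the msEFS EKU.
# All file names and subject values below are constructed for this demo.

# issue_efs_cert DIR: create a demo CA and a signed user certificate in DIR.
issue_efs_cert() {
    dir=$1
    # Extension section from the post, to be applied at signing time.
    cat > "$dir/ext_oids" <<'EOF'
[ ext_client ]
# OID:1.3.6.1.4.1.311.10.3.4 (msEFS) Microsoft Encrypted File System
extendedKeyUsage=msEFS
subjectAltName=email:copy
EOF
    # 1. Self-signed demo CA (stands in for the local CA).
    openssl req -nodes -new -x509 -newkey rsa:2048 -days 365 \
        -subj "/CN=Demo Local CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # 2. User key and request; email:copy needs an emailAddress in the subject.
    openssl req -nodes -new -newkey rsa:2048 \
        -subj "/CN=EFS User/emailAddress=user@example.invalid" \
        -keyout "$dir/user.key" -out "$dir/user.csr" 2>/dev/null || return 1
    # 3. Sign the request; the extensions are written into the issued certificate.
    openssl x509 -req -in "$dir/user.csr" -days 365 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/ext_oids" -extensions ext_client \
        -out "$dir/user.pem" 2>/dev/null || return 1
}

# has_efs_eku CERT: succeed only if CERT lists the msEFS extended key usage.
has_efs_eku() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Extended Key Usage' |
        grep -Eq 'Microsoft Encrypted File System|msEFS|1\.3\.6\.1\.4\.1\.311\.10\.3\.4'
}

# Demo run: sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    work=$(mktemp -d)
    issue_efs_cert "$work" && has_efs_eku "$work/user.pem" &&
        echo "msEFS EKU present in $work/user.pem"
fi
```

openssl ca accepts the same -extfile and -extensions options, so the section can be supplied at the signing step of a CA-directory setup as well.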