On Tue, Jun 19, 2007, Arsen Hayrapetyan wrote: > Hello there, > > Does anybody know the answer to this question? > It is the first time my e-mail hasn't been answered on this mailing > list, I always get > very clear and detailed answers here... :( > > Arsen. > > Arsen Hayrapetyan wrote: > >Hello, > > > >I am using the latest version of OpenSSL (0.9.8e) and want to make the CRL > >v2 (using openssl ca -gencrl) with the CRL extension 'CRL Number' and CRL > >entry extension 'Reason Code'. > > > > > (as defined in RFC 3280) > >What shall I add to my openssl.cnf [ crl_ext ] ? > >
The reason code doesn't need any changes to openssl.cnf but you need to specify the reason code to use when you revoke a certificate. If you are using a recent version of OpenSSL it may already be adding the CRL number extension. Check with: openssl crl -in crl.pem -text -noout This is all documented in the ca manual page. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
