On 2009.06.24 at 18:15:18 +0200, Dirk Reske wrote:
> Hello,
>
> I'm quite new to openssl.
> My question is, how can I sign a csr and add an extension to the
> certificate, that contains only a simple string (an url).
> Perhaps you have some samples for such a config file and the openssl calls.
Here is extempt from real config file used by one of our CAs
[ ca ]
default_ca = CA_default
[ CA_default ]
# Lot of lines describing database location etc here
...
copy_extensions = copy # This for preserve extensions supplied in the CSR
x509_extensions = usr_cert # This is section name for CA-added extensions
[ usr_cert ]
basicConstraints=CA:FALSE # Add basic Constraint extension openssl
# knows, how to handle this syntax
crlDistributionPoints = URI:http://somesite/somepath.crl
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
