Hi i have a problem.
I create Certificates using openssl:
I try to use OCSP-Verifiaction and so i created Extensions:
x509 -req -CAkey ' . $pathToPrivKey . ' -set_serial ' . $serial . ' -in '
. $csrFile . ' -days ' . $days . ' -out ' . $pathToCert
. ' -extfile ' .
$this->cfgPath . ' -extensions content_cert -signkey ' . $pathToPrivKey . '
-CA '. PATH_AUTHOR_CERT_DIR . $authorCertName;
My Problem is:
I get an Certificate, but openSSL creates the Extensions twice, which
violates X.509 http://old.nabble.com/file/p31171410/openssl.cfg openssl.cfg
RFC:
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
89:C1:6F:32:21...CA:0E:AD:EF:2B:53:DF:3D
X509v3 Authority Key Identifier:
keyid:89:C1:6F....AD:EF:2B:53:DF:3D
Authority Information Access:
OCSP - URI:http://localhost:8888
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
89:C1:6F:32:21...AD:EF:2B:53:DF:3D
X509v3 Authority Key Identifier:
keyid:89:C1:6F....EF:2B:53:DF:3D
Authority Information Access:
OCSP - URI:http://localhost:8888
I Attached my Config File for debugging
--
View this message in context:
http://old.nabble.com/Double-Extensions-in-X509-Cert-tp31171410p31171410.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
