I am using the following command inside a Perl program: $ /opt/openssl/bin/openssl req -passout stdin < /tmp/6I0ZLcltuD \ -config CA-default.org/ca-ssl.conf -out CA-default.org/certs/cacert.pem \ -outform PEM -newkey rsa -x509 -batch -verbose
and get the following response, quote: Using configuration from CA-default.org/ca-ssl.conf Generating a 4096 bit RSA private key ....++++++ ....................................++++++ writing new private key to 'CA-default.org/private/cakey.pem' ----- error, no objects specified in config file problems making Certificate Request end quote. The CA private key is created but all other requested files are non-existent. Next I added this line in the req section of the conf file: prompt = no The same command line as above then produced this error, quote problems making Certificate Request 140233213818536:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large:a_object.c:109: 140233213818536:error:0B083077:x509 certificate routines:X509_NAME_ENTRY_create_by_txt:invalid field name:x509name.c:285:name=countryName_min end quote. After several such iterations I eventually had to remove the following lines in the req section (they were all suggested by several books and online references): countryName_min = 2 countryName_max = 2 commonName_max = 64 emailAddress_max = 64 i ran the same command again and got a good command completion. I looked at the source code and it looks like I should be able to rely in the following file to define all valid object names for a Linux system: ./include/ Can I rely on that file to be the single definitive source for valid conf file object names? Thanks. Best regards, -Tom ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
