Re: Help with certificatePolicies section

[Libor Chocholaty]

Hi, 

could you share commands that led to this error? 

It looks to me referenced non existent section in config file like as
param "-extensions" option. 

Regards,
Libor 

On 2020-04-06 19:43, Richard Simard wrote:

> Hi! 
> 
> Anybody can help me whit this error? 
> 
> Error Loading extension section server_cert 
> 
> 140091048477824:error:0E06D06C:configuration file 
> routines:NCONF_get_string:no 
> value:../crypto/conf/conf_lib.c:273:group=CA_default name=email_in_dn 
> 
> 140091048477824:error:0E06D06C:configuration file 
> routines:NCONF_get_string:no 
> value:../crypto/conf/conf_lib.c:273:group=CA_default name=rand_serial 
> 
> 140091048477824:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first 
> num too large:../crypto/asn1/a_object.c:73: 
> 
> 140091048477824:error:2208306E:X509 V3 routines:policy_section:invalid object 
> identifier:../crypto/x509v3/v3_cpols.c:183:section:Cert_policy_server,name:policyIdentifier,value:GroupeSTIAssurance,
>  GroupeSTIDevice 
> 
> 140091048477824:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in 
> extension:../crypto/x509v3/v3_conf.c:47:name=certificatePolicies, 
> value=ia5org,1.3.6.1.4.1.51063,@Cert_policy_server 
> 
> [ openssl_init ] 
> 
> oid_section  = oids_section 
> 
> [ server_cert ] 
> 
> basicConstraints  = CA:FALSE 
> 
> nsCertType  = server 
> 
> subjectKeyIdentifier  = hash 
> 
> authorityKeyIdentifier  = keyid, issuer:always 
> 
> keyUsage  = critical, digitalSignature, keyEncipherment 
> 
> extendedKeyUsage = serverAuth 
> 
> certificatePolicies = ia5org, @Cert_policy_server 
> 
> crlDistributionPoints = crl_section 
> 
> [ Cert_policy_server ] 
> 
> policyIdentifier  = GroupeSTIAssurance, GroupeSTIDevice 
> 
> CPS.1  = http://cps.groupesti.com 
> 
> [ crl_section ] 
> 
> fullname  = URI:http://pki.groupesti.com/ca.crl 
> 
> CRLissuer = dirName:issuer_section 
> 
> reasons  = keyCompromise, CACompromise 
> 
> authorityKeyIdentifier = keyid:always 
> 
> [ oids_section ] 
> 
> GroupeSTIAssurance  = 1.3.6.1.4.1.51063.0.1 
> 
> GroupeSTIUser = 1.3.6.1.4.1.51063.0.1.0 
> 
> GroupeSTIDevice = 1.3.6.1.4.1.51063.0.1.1