Hi, could you share commands that led to this error?
It looks to me referenced non existent section in config file like as param "-extensions" option. Regards, Libor On 2020-04-06 19:43, Richard Simard wrote: > Hi! > > Anybody can help me whit this error? > > Error Loading extension section server_cert > > 140091048477824:error:0E06D06C:configuration file > routines:NCONF_get_string:no > value:../crypto/conf/conf_lib.c:273:group=CA_default name=email_in_dn > > 140091048477824:error:0E06D06C:configuration file > routines:NCONF_get_string:no > value:../crypto/conf/conf_lib.c:273:group=CA_default name=rand_serial > > 140091048477824:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first > num too large:../crypto/asn1/a_object.c:73: > > 140091048477824:error:2208306E:X509 V3 routines:policy_section:invalid object > identifier:../crypto/x509v3/v3_cpols.c:183:section:Cert_policy_server,name:policyIdentifier,value:GroupeSTIAssurance, > GroupeSTIDevice > > 140091048477824:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in > extension:../crypto/x509v3/v3_conf.c:47:name=certificatePolicies, > value=ia5org,1.3.6.1.4.1.51063,@Cert_policy_server > > [ openssl_init ] > > oid_section = oids_section > > [ server_cert ] > > basicConstraints = CA:FALSE > > nsCertType = server > > subjectKeyIdentifier = hash > > authorityKeyIdentifier = keyid, issuer:always > > keyUsage = critical, digitalSignature, keyEncipherment > > extendedKeyUsage = serverAuth > > certificatePolicies = ia5org, @Cert_policy_server > > crlDistributionPoints = crl_section > > [ Cert_policy_server ] > > policyIdentifier = GroupeSTIAssurance, GroupeSTIDevice > > CPS.1 = http://cps.groupesti.com > > [ crl_section ] > > fullname = URI:http://pki.groupesti.com/ca.crl > > CRLissuer = dirName:issuer_section > > reasons = keyCompromise, CACompromise > > authorityKeyIdentifier = keyid:always > > [ oids_section ] > > GroupeSTIAssurance = 1.3.6.1.4.1.51063.0.1 > > GroupeSTIUser = 1.3.6.1.4.1.51063.0.1.0 > > GroupeSTIDevice = 1.3.6.1.4.1.51063.0.1.1