Dear Sergio, please use a to-the-point email subject, not "openssl-users Digest, Vol 94, Issue 24".
You just made a small mistake with the below command: after the "-subj" option its "/" (which denotes the empty Distinguished Name) is missing, or any other DN string, and thus the subsequent "-addext" gets misinterpreted. Unfortunately, the "openssl" CLI command so far did not provide a useful error message in such cases, but some time ago I improved this. So with the current master version, the hint given is slightly better: req: Extra option: "subjectKeyIdentifier=hash" req: Use -help for summary. and this will be available with OpenSSL 3.1. BTW, if you want a validity period of exactly 100 years, you need to take into account 24 leap days/years, so better use "-days 36524" than "-days 36500". Best, David On Tue, 2022-09-20 at 09:30 +0000, A Z wrote: Dear OpenSSL Users and Programmers, I tried running the following command in Windows 64 bit Home edition, and got the error: >openssl req -nodes -newkey rsa:4096 -keyout pkey.pem -x509 -out cert.pem -days >36500 -subj -addext "subjectKeyIdentifier=hash" req: Use -help for summary. >openssl version OpenSSL 3.0.0 7 sep 2021 (Library: OpenSSL 3.0.0 7 sep 2021) In the email bundle reply, this line is suggested to generate a private key and a PEM certificate. How can I get this to run on the Windows 10 64 bit, even when in Administrator mode? Sergio Minervini.
