I believe the oid_file key in the config is used by the ca and req applets and is meant to be a value rather than a section (i.e. oid_file = /path/to/oid/file/name).

To do what I believe you are trying to do above, you need to follow the directions here: https://www.openssl.org/docs/man1.1.1/man5/config.html by assigning an oid_section like this:

oid_section = my_oid_section_name

And then creating the section:

[my_oid_section_name]
some_new_oid = 1.2.3.4

On Thu, Jun 27, 2024 at 1:48 AM Dvorcovoy Dmitry V. via openssl-users <openssl-users@openssl.org> wrote:

> I want to make my own tiny rootca.
> There is a problem with supporting OIDS. I found in documentation about
> oid_file, but can not decode syntax of values.
> DER: works fine, but I want to use more readable format.
>
> All I can find is the same docs without a tiny working example how to use
> my defined oids.
> sample:
> [oid_file]
> 1.3.6.1.4.1.311.21.1 msCAversion XCN_OID_CERTSRV_CA_VERSION
> 1.3.6.1.4.1.311.21.4 msCRLNextPublish XCN_OID_CRL_NEXT_PUBLISH
>
> [ca.conf]
> oid_file =oid.txt
> ...
> [ crl_ext ]
> authorityKeyIdentifier=keyid:always
> msCAversion = DER:020101
> msCRLNextPublish = DER:170D3234303930393131333635395A
>
> with these options all works ok.
> >openssl ca -config ca.conf -gencrl -crlexts crl_ext -out crl.pem
>
> but when I try anything like this:
> msCAversion = 1
> msCAversion = INT:01
> msCAversion = INTEGER:0x01
> (and many other combinations)
>
> I got the same error:
> Using configuration from ca.conf
> Error checking CRL extension section crl_ext
> 00CEC9A0FA7F0000:error:11000081:X509 V3 routines:do_ext_nconf:unknown
> extension:crypto/x509/v3_conf.c:92:
> 00CEC9A0FA7F0000:error:11000080:X509 V3
> routines:X509V3_EXT_nconf_int:error in
> extension:crypto/x509/v3_conf.c:48:section=crl_ext, name=msCAversion,
> value=INTEGER:0x01
>
> Same with datetime, there is no help about its format:
> msCRLNextPublish =UTC
> =: UTCTIME:"2024-Sep-09 11:36:59"
> =ANS1.UTCTIME....
>
> How to properly format values and please, include it with examples to
> documentation?
>
> And what to do to make -text output with readable format, not just dump
> of OIDs? I think, there have to be some global OID config file, but where
> is it?
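
As an added example (not part of the thread and not OpenSSL's own code), this Python sketch decodes the two DER: values from the quoted crl_ext section and re-encodes readable values into the same form. The function names are made up for illustration, and only short-form lengths (content under 128 bytes) are handled.

```python
from datetime import datetime, timezone

TAG_INTEGER, TAG_UTCTIME = 0x02, 0x17  # ASN.1 universal tag numbers

def _tlv(tag: int, content: bytes) -> bytes:
    """Tag-length-value with a short-form length (content under 128 bytes)."""
    if len(content) > 127:
        raise ValueError("long-form lengths are outside this sketch")
    return bytes([tag, len(content)]) + content

def der_integer(n: int) -> bytes:
    """DER INTEGER: shortest two's-complement form that keeps the sign bit."""
    size = (n if n >= 0 else ~n).bit_length() // 8 + 1
    return _tlv(TAG_INTEGER, n.to_bytes(size, "big", signed=True))

def der_utctime(when: datetime) -> bytes:
    """DER UTCTime, written as YYMMDDHHMMSSZ; needs an aware datetime."""
    if when.tzinfo is None:
        raise ValueError("pass a timezone-aware datetime")
    text = when.astimezone(timezone.utc).strftime("%y%m%d%H%M%SZ")
    return _tlv(TAG_UTCTIME, text.encode("ascii"))

def ext_line(name: str, der: bytes) -> str:
    """One config line in the DER: form the quoted crl_ext section uses."""
    return f"{name} = DER:{der.hex().upper()}"

def decode(hex_value: str):
    """Read back a single INTEGER or UTCTime from a DER: hex string."""
    raw = bytes.fromhex(hex_value)
    if len(raw) < 3 or raw[1] > 127 or raw[1] != len(raw) - 2:
        raise ValueError("length byte does not match the content")
    tag, body = raw[0], raw[2:]
    if tag == TAG_INTEGER:
        return int.from_bytes(body, "big", signed=True)
    if tag == TAG_UTCTIME:  # %y uses Python's century pivot, fine for 2024
        parsed = datetime.strptime(body.decode("ascii"), "%y%m%d%H%M%SZ")
        return parsed.replace(tzinfo=timezone.utc)
    raise ValueError(f"unsupported tag 0x{tag:02x}")

if __name__ == "__main__":
    # Hex values and extension names below are the ones in the quoted message.
    print(decode("020101"), decode("170D3234303930393131333635395A"))
    print(ext_line("msCAversion", der_integer(1)))
    publish = datetime(2024, 9, 9, 11, 36, 59, tzinfo=timezone.utc)
    print(ext_line("msCRLNextPublish", der_utctime(publish)))
```

OpenSSL's x509v3_config documentation also describes an ASN1: value prefix for arbitrary extensions (for example ASN1:INTEGER:1), which builds the same bytes from a readable string.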