Re: Making a CRL with an authority key identifier

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Aha, I can't believe I missed that.
That's why an extra pair of fresh eyes is helpful.
Thank you Juan. I'll test this now.

On Thu, Jun 1, 2017 at 1:22 PM, Juan Angel Martin (AC Camerfirma) <martin_ja@xxxxxxxxxxxxxx> wrote:

Hi,

 

Uncomment line 54

crl_extensions    = crl_ext

 

BR

Juan Ángel

 

De: openssl-users [mailto:openssl-users-bounces@openssl.org] En nombre de Ivan Rubinson
Enviado el: jueves, 1 de junio de 2017 12:15
Para: openssl-users@xxxxxxxxxxx
Asunto: Making a CRL with an authority key identifier

 

Hello,

My name is Ivan, and I'm trying to get OpenSSL to make a CRL with an authority key identifier.

(a third party API expects it from the CRL)

I make my own CA, use it to sign a certificate, and then generate the CRL. This is the configuration file: https://pastebin.com/yL4UBtGW (it's basically the example configuration file with a few changes).

Here are the commands I run:

Making the CA:

openssl req -new -x509 -days 3650 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -config req.cnf

Making the certificate:

openssl req -new -nodes -out pdf-req.pem -keyout private/pdf-pkey.pem -config req.cnf
openssl ca -config req.cnf -out pdf-cert.pem -infiles pdf-req.pem

Making the CRL:

openssl ca -config req.cnf -gencrl -out crl.pem

 

I'm using OpenSSL-Win64 0.9.8g

Even though on line 251 I ask OpenSSL to have an authority key identifier, the generated CRL doesn't have it. I've searched on google and tried multiple things (like uncommenting issuerAltName, or giving it different options) and the CRL still doesn't have it.

At this point I'm stumped, and I'd like to ask you nice people for help.

Thank you in advance,

Ivan Rubinson

 

Virus-free. www.avast.com

 


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux