Libor Chocholaty
openssl ca -config etc/intermediate.cnf -extensions server_cert -days 1825 -notext -md sha256 -in intermediate/csr/test.groupesti.com.csr -out intermediate/certs/test.groupesti.com.crt

Using configuration from etc/intermediate.cnf
Enter pass phrase for /CA/intermediate/private/intermediate.key: ************
Error Loading extension section server_cert
140542588306560:error:0E06D06C:configuration file routines:NCONF_get_string:no value:../crypto/conf/conf_lib.c:273:group=CA_default name=email_in_dn
140542588306560:error:0E06D06C:configuration file routines:NCONF_get_string:no value:../crypto/conf/conf_lib.c:273:group=CA_default name=rand_serial
140542588306560:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large:../crypto/asn1/a_object.c:73:
140542588306560:error:2208306E:X509 V3 routines:policy_section:invalid object identifier:../crypto/x509v3/v3_cpols.c:183:section:Cert_policy_server,name:policyIdentifier,value:GroupeSTIAssurance, GroupeSTIDevice
140542588306560:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:../crypto/x509v3/v3_conf.c:47:name=certificatePolicies, value=ia5org, @Cert_policy_server

Intermediate.cnf

[ openssl_init ]
oid_section = oids_section

[ ca ]
default_ca = CA_default

[ CA_default ]
dir = /CA/intermediate
certs = $dir/certs
crl_dir = $dir/crl
new_certs_dir = $dir/newcerts
database = $dir/index.txt
serial = $dir/serial
RANDFILE = $dir/private/.rand
private_key = $dir/private/intermediate.key
certificate = $dir/certs/intermediate.crt
crlnumber = $dir/crlnumber
crl = $dir/crl/intermediate.crl
crl_extensions = crl_ext
default_crl_days = 30
default_md = sha256
name_opt = ca_default
cert_opt = ca_default
default_days = 375
preserve = no
policy = policy_loose

[ policy_strict ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ policy_loose ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
utf8 = yes
string_mask = utf8only
name_opt = multiline, -esc_msb, utf8
default_md = sha256
x509_extensions = v3_ca

[ req_distinguished_name ]
countryName = "1. Nom du pays (2 lettres) (Ex, CA) "
countryName_max = 2
countryName_default = CA
stateOrProvinceName = "2. Nom de l'État ou de la province (Ex, Québec) "
stateOrProvinceName_default = Québec
localityName = "3. Nom de localité (Ex, Saguenay) "
localityName_default = Saguenay
organizationName = "4. Nom de l'organisation (Ex, Groupe Solutions TI) "
organizationName_default = Groupe Solutions TI Inc.
organizationalUnitName = "5. Nom de l'unité organisationnelle (Ex, Service web) "
organizationalUnitName_default =
commonName = "6. Nom de la personne (Ex, Jean Tremblay) "
commonName_max = 64
commonName_default =
emailAddress = "7. Adresse courriel (Ex, vous@xxxxxxxxxx "
emailAddress_max = 64
emailAddress_default =

[ issuer_section ]
O = Groupe Solutions TI Inc.
CN = Groupe Solutions TI Inc. - Autorité TLS V3 Principal
C = CA
ST = Québec
L = Saguenay
streetAddress = 3-4109, Saint-Alexandre
postalCode = G8A 2H1
emailAddress = support@xxxxxxxxxxxxx
telephoneNumber = +1 (418) 695-9007

[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true
keyUsage = critical, digitalSignature, cRLSign, keyCertSign

[ v3_intermediate_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, digitalSignature, cRLSign, keyCertSign

[ usr_cert ]
basicConstraints = CA:FALSE
nsCertType = client, email
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, emailProtection
SMIME-CAPS = ASN1:SEQUENCE:smime_seq
crlDistributionPoints = crl_section

[ Policy_usr_cert ]
policyIdentifier = GroupeSTIAssurance, GroupeSTIUser
CPS = http://cps.groupesti.com

[ server_cert ]
basicConstraints = CA:FALSE
nsCertType = server
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer:always
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
certificatePolicies = ia5org, @Cert_policy_server
crlDistributionPoints = crl_section

[ Cert_policy_server ]
policyIdentifier = GroupeSTIAssurance, GroupeSTIDevice
CPS.1 = http://cps.groupesti.com

[ crl_ext ]
authorityKeyIdentifier = keyid:always

[ crl_section ]
fullname = URI:http://pki.groupesti.com/ca.crl
CRLissuer = dirName:issuer_section
reasons = keyCompromise, CACompromise
authorityKeyIdentifier = keyid:always

[ ocsp ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
keyUsage = critical, digitalSignature
extendedKeyUsage = critical, OCSPSigning

[ smime_seq ]
SMIMECapability.0 = SEQWRAP, OID:sha1
SMIMECapability.1 = SEQWRAP, OID:sha256
SMIMECapability.2 = SEQWRAP, OID:sha1WithRSA
SMIMECapability.3 = SEQWRAP, OID:aes-256-ecb
SMIMECapability.4 = SEQWRAP, OID:aes-256-cbc
SMIMECapability.5 = SEQWRAP, OID:aes-256-ofb
SMIMECapability.6 = SEQWRAP, OID:aes-128-ecb
SMIMECapability.7 = SEQWRAP, OID:aes-128-cbc
SMIMECapability.8 = SEQWRAP, OID:aes-128-ecb
SMIMECapability.9 = SEQUENCE:rsa_enc

[ oids_section ]
GroupeSTIAssurance = 1.3.6.1.4.1.51063.0.1
GroupeSTIUser = 1.3.6.1.4.1.51063.0.1.0
GroupeSTIDevice = 1.3.6.1.4.1.51063.0.1.1
GroupeSTIAssuranceEV = 1.3.6.1.4.1.51063.0.1.2

From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> On behalf of Libor Chocholaty

Hi,

could you share the commands that led to this error? It looks to me like a non-existent section in the config file is referenced, e.g. as the parameter of the "-extensions" option.

Regards,

On 2020-04-06 19:43, Richard Simard wrote:
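Added example, not part of the mailing-list thread and not OpenSSL code: the error output above rejects the value "GroupeSTIAssurance, GroupeSTIDevice" of policyIdentifier in section Cert_policy_server as an invalid object identifier. The Python lint below flags any policyIdentifier that is neither one dotted-decimal OID nor exactly one name from the config's OID section; the function names are illustrative, and the sample is an excerpt of the posted config.

```python
import re

DOTTED_OID = re.compile(r"^[0-2](\.\d+)+$")
BUILTIN_NAMES = {"anyPolicy"}  # other OpenSSL built-in names are not modelled here
# Constructed sample: excerpt of the config posted in the thread.
SAMPLE_CNF = """\
[ Cert_policy_server ]
policyIdentifier = GroupeSTIAssurance, GroupeSTIDevice
CPS.1 = http://cps.groupesti.com

[ oids_section ]
GroupeSTIAssurance = 1.3.6.1.4.1.51063.0.1
GroupeSTIDevice = 1.3.6.1.4.1.51063.0.1.1
"""

def parse_sections(text):
    """Minimal OpenSSL-style parser: {section: {key: value}}; no $var expansion."""
    sections, current = {}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.match(r"^\[\s*(\S+)\s*\]$", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections.setdefault(current, {})[key] = value
    return sections

def lint_policy_identifiers(text, oid_section="oids_section"):
    """Return (section, value, reason) for each suspicious policyIdentifier."""
    # Assumption: the section named by oid_section is actually loaded by OpenSSL.
    sections = parse_sections(text)
    names = set(sections.get(oid_section, {})) | BUILTIN_NAMES
    findings = []
    for name, body in sections.items():
        value = body.get("policyIdentifier")
        if value is None or DOTTED_OID.match(value):
            continue
        if "," in value:
            findings.append((name, value, "more than one OID in a single policyIdentifier"))
        elif value not in names:
            findings.append((name, value, "name not defined in the OID section"))
    return findings

if __name__ == "__main__":
    print(lint_policy_identifiers(SAMPLE_CNF))
```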