Hi Bob,
the below weird behavior is due to minor bugs in certain situations where the CA app looks for config file entries like "email_in_dn" that are not present.
Usually these (needless) error messages get discarded, but for instance when both "default_startdate" and "default_enddate" are given, this is not done so far.
Fix is in https://github.com/openssl/openssl/pull/20971
Usually these (needless) error messages get discarded, but for instance when both "default_startdate" and "default_enddate" are given, this is not done so far.
Fix is in https://github.com/openssl/openssl/pull/20971
David
On Sun, 2023-05-14 at 19:23 -0400, Robert Moskowitz wrote:
I am using:openssl ca -config $dir/openssl-root.cnf -extensions v3_caWith customizations in the cnf.The command generates the cert to sign, but on doing that (or if I sayN) throws the errors:Certificate is to be certified until Jun 1 00:00:00 2024 GMT (385 days)Sign the certificate? [y/n]:y402C4AD0637F0000:error:0700006C:configuration fileroutines:NCONF_get_string:novalue:crypto/conf/conf_lib.c:315:group=CA_default name=email_in_dn402C4AD0637F0000:error:0700006C:configuration fileroutines:NCONF_get_string:novalue:crypto/conf/conf_lib.c:315:group=CA_default name=rand_serial402C4AD0637F0000:error:0700006C:configuration fileroutines:NCONF_get_string:novalue:crypto/conf/conf_lib.c:315:group=CA_default name=default_days1 out of 1 certificate requests certified, commit? [y/n]yWrite out database with 1 new entriesData Base UpdatedI am using specific dates:default_startdate = $ENV::startdatedefault_enddate = $ENV::enddateValidityNot Before: May 1 00:00:00 2023 GMTNot After : Jun 1 00:00:00 2024 GMTand it is getting the serial numberserial = $dir/serialSerial Number:98:3f:27:9d:c7:3c:69:13And why complaining about email_in_dn?I do get the cert out, but why these errors and what should I be doingabout them?thanks
