Thank you for answering.
So ignore and eventually Fedora will get updated. :)
On 5/15/23 14:12, David von Oheimb wrote:
Hi Bob,
the below weird behavior is due to minor bugs in certain situations where the CA app looks for config file entries like "email_in_dn" that are not present.
Usually these (needless) error messages get discarded, but for instance when both "default_startdate" and "default_enddate" are given, this is not done so far.
Fix is in https://github.com/openssl/openssl/pull/20971
David
On Sun, 2023-05-14 at 19:23 -0400, Robert Moskowitz wrote:
I am using:
openssl ca -config $dir/openssl-root.cnf -extensions v3_ca
With customizations in the cnf.
The command generates the cert to sign, but on doing that (or if I say
N) throws the errors:
Certificate is to be certified until Jun 1 00:00:00 2024 GMT (385 days)
Sign the certificate? [y/n]:y
402C4AD0637F0000:error:0700006C:configuration file routines:NCONF_get_string:no value:crypto/conf/conf_lib.c:315:group=CA_default name=email_in_dn
402C4AD0637F0000:error:0700006C:configuration file routines:NCONF_get_string:no value:crypto/conf/conf_lib.c:315:group=CA_default name=rand_serial
402C4AD0637F0000:error:0700006C:configuration file routines:NCONF_get_string:no value:crypto/conf/conf_lib.c:315:group=CA_default name=default_days
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
I am using specific dates:
default_startdate = $ENV::startdate
default_enddate = $ENV::enddate
Validity
Not Before: May 1 00:00:00 2023 GMT
Not After : Jun 1 00:00:00 2024 GMT
and it is getting the serial number
serial = $dir/serial
Serial Number:
98:3f:27:9d:c7:3c:69:13
And why complaining about email_in_dn?
I do get the cert out, but why these errors and what should I be doing
about them?
thanks
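
An added example, not part of the thread and not OpenSSL code: a small triage of `openssl ca` output that separates the kind of record David describes (a "no value" lookup for an entry that is absent from the config) from any other error record. The function names, the config fragment and the last sample record are constructed; the constants 14 and 108 (ERR_LIB_CONF, CONF_R_NO_VALUE) and the code packing are those of the OpenSSL 3.x headers.

```python
import re

# Record layout printed in the thread (OpenSSL 3.x error queue):
# <thread>:error:<code>:<library>:<function>:<reason>:<file>:<line>:<data>
ERR_RE = re.compile(r"^[0-9A-F]+:error:(?P<code>[0-9A-F]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
                    r"(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):(?P<data>.*)$")
KEY_RE = re.compile(r"group=(\S+) name=(\S+)")

def section_keys(cnf, section):
    """Keys assigned in one [section] of openssl.cnf-style text (simplified parser)."""
    keys, current = set(), None
    for line in (l.split("#", 1)[0].strip() for l in cnf.splitlines()):
        head = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if head:
            current = head.group(1)
        elif current == section and "=" in line:
            keys.add(line.split("=", 1)[0].strip())
    return keys

def triage(output, cnf):
    """Return (names of unset keys that were looked up, records needing review)."""
    unset, review = [], []
    # Prompts and status lines do not match ERR_RE and are skipped.
    for m in filter(None, map(ERR_RE.match, map(str.strip, output.splitlines()))):
        code = int(m["code"], 16)
        lib, reason = (code >> 23) & 0xFF, code & 0x7FFFFF   # OpenSSL 3.x code packing
        key = KEY_RE.search(m["data"])
        # 14 / 108 are ERR_LIB_CONF / CONF_R_NO_VALUE: a lookup that found no entry
        if (lib, reason) == (14, 108) and key and key[2] not in section_keys(cnf, key[1]):
            unset.append(key[2])
        else:
            review.append(m.group(0))
    return unset, review

# Constructed config fragment; the serial and date entries are the ones quoted in the thread.
SAMPLE_CNF = """[ CA_default ]
serial = $dir/serial
default_startdate = $ENV::startdate
default_enddate = $ENV::enddate
"""
# The three "no value" records are from the thread; the last record is constructed for contrast.
SAMPLE_OUTPUT = """Sign the certificate? [y/n]:y
402C4AD0637F0000:error:0700006C:configuration file routines:NCONF_get_string:no value:crypto/conf/conf_lib.c:315:group=CA_default name=email_in_dn
402C4AD0637F0000:error:0700006C:configuration file routines:NCONF_get_string:no value:crypto/conf/conf_lib.c:315:group=CA_default name=rand_serial
402C4AD0637F0000:error:0700006C:configuration file routines:NCONF_get_string:no value:crypto/conf/conf_lib.c:315:group=CA_default name=default_days
402C4AD0637F0000:error:07000065:configuration file routines:def_load_bio:missing equal sign:crypto/conf/conf_def.c:1:line 7
"""
if __name__ == "__main__":
    print(triage(SAMPLE_OUTPUT, SAMPLE_CNF))
```

A "no value" record that names a key which is present in the section lands in the review list, since that does not fit the missing-entry explanation given above.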