Re: [EXTERNAL] CA.pl error message: Ignoring -days without -x509; not generating a certificate


 



For ages (since version 1.x) we have used the following steps to generate the key material for an SSL connection between our clients and application servers (the commands with a dollar sign in front have been entered; the other openssl command lines are spilled out from the tool CA.pl):

$ export LD_LIBRARY_PATH=/usr/local/sisis-pap/lib
$ export PATH=/usr/local/sisis-pap/bin:$PATH
$ export OPENSSL=/usr/local/sisis-pap/bin/openssl
$ mkdir new
$ cd new

$ /usr/local/sisis-pap/misc/CA.pl -newca
/usr/local/sisis-pap/bin/openssl req  -new -keyout ./demoCA/private/cakey.pem -out ./demoCA/careq.pem
/usr/local/sisis-pap/bin/openssl ca  -create_serial -out ./demoCA/cacert.pem -days 1095 -batch -keyfile ./demoCA/private/cakey.pem -selfsign -extensions v3_ca -infiles ./demoCA/careq.pem
Using configuration from /usr/local/sisis-pap/openssl.cnf

$ /usr/local/sisis-pap/misc/CA.pl -newreq
/usr/local/sisis-pap/bin/openssl req  -new -keyout newkey.pem -out newreq.pem -days 365

$ /usr/local/sisis-pap/misc/CA.pl -sign
/usr/local/sisis-pap/bin/openssl ca  -policy policy_anything -out newcert.pem -infiles newreq.pem
Using configuration from /usr/local/sisis-pap/openssl.cnf

And now with version 3.0.x the step -newreq gives this error message:
Ignoring -days without -x509; not generating a certificate

As you can see, I didn't give any further parameter to the tool CA.pl, only the openssl command constructed and fired up by CA.pl says -days 365. Is this a new bug in CA.pl or what is causing this?

Matthias




Martin Bonner wrote on Wednesday, 29 January 2025 at 14:48:02 UTC+1:

“-days” specifies how long the certificate should be valid for – but you haven’t asked to generate a certificate so openssl just ignores “-days”

 

Martin Bonner

 

 

From: openss...@xxxxxxxxxxx <openss...@xxxxxxxxxxx> On Behalf Of Matthias Apitz
Sent: 29 January 2025 13:24
To: openssl-users <openss...@xxxxxxxxxxx>
Cc: Matthias Apitz <gu...@xxxxxxxxxxx>
Subject: [EXTERNAL] CA.pl error message: Ignoring -days without -x509; not generating a certificate

 

This is with OpenSSL:

openssl version
OpenSSL 3.0.12 24 Oct 2023 (Library: OpenSSL 3.0.12 24 Oct 2023)

 

I generate key material with CA.pl like:

CA.pl -newreq
  ====
  /usr/local/sisis-pap/bin/openssl req  -new  -keyout newkey.pem -out newreq.pem -days 3650
  Ignoring -days without -x509; not generating a certificate
  Generating a 2048 bit RSA private key
  .....................+++

...

What does this error message mean?

 

Matthias

 

Btw:

I read the announcement on July 17, 2024 that the mailing list now moved to here, to Google Groups. IMHO, a very bad idea. Now I can just glance through my mails to see if there is something of interest for me or my work. I now have to go to here and check this from time to time. Mails I get even when I'm on the road on my Linux cellphone...

--
You received this message because you are subscribed to the Google Groups "openssl-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openssl-user...@xxxxxxxxxxx.
To view this discussion visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/8c0faf99-f730-4f4a-98f2-aeadb5682b22n%40openssl.org.

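An added illustration of the answer given in this thread (not code from either poster or from the OpenSSL project): the script repeats the request-then-sign sequence against a throwaway CA and checks that -days on "openssl req -new" never reaches the certificate, whose lifetime comes from default_days in the CA configuration. The directory layout, subject names and the 30-day value are constructed for the example.

```shell
#!/bin/sh
# Added example: all names, paths and day counts below are constructed.
# Throwaway CA in directory $1; its config (not the request) sets a 30-day lifetime.
make_ca() {
    mkdir -p "$1/newcerts" && : > "$1/index.txt" && echo 01 > "$1/serial" || return 1
    cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[ca]
default_ca = CA_default
[CA_default]
database = $1/index.txt
new_certs_dir = $1/newcerts
serial = $1/serial
certificate = $1/cacert.pem
private_key = $1/cakey.pem
default_md = sha256
default_days = 30
policy = policy_anything
[policy_anything]
commonName = supplied
EOF
    openssl req -config "$1/ca.cnf" -x509 -newkey rsa:2048 -nodes -days 1095 \
        -subj "/CN=Example Test CA" -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null
}

# Same shape as "CA.pl -newreq" then "CA.pl -sign": -days on req, none on ca.
request_and_sign() {
    openssl req -config "$1/ca.cnf" -new -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=app.example.test" -keyout "$1/newkey.pem" -out "$1/newreq.pem" \
        2>"$1/req.log" || return 1
    openssl ca -config "$1/ca.cnf" -batch -notext -out "$1/newcert.pem" \
        -in "$1/newreq.pem" 2>"$1/ca.log"
}

# True if the CSR in directory $1 carries a validity period (a CSR has no such field).
csr_has_validity() { openssl req -config "$1/ca.cnf" -in "$1/newreq.pem" -noout -text | grep -q 'Not After'; }

# True if certificate $1 is still valid $2 days from now but not $3 days from now.
lifetime_between() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null &&
    ! openssl x509 -in "$1" -noout -checkend $(( $3 * 86400 )) >/dev/null
}

d=$(mktemp -d) && make_ca "$d" && request_and_sign "$d" && {
    grep -h 'Ignoring -days' "$d/req.log" || true   # the 3.0.x message from the thread
    openssl x509 -in "$d/newcert.pem" -noout -dates
}
```

To change the lifetime, pass -days to the openssl ca step or change default_days in openssl.cnf.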
