Help with certificatePolicies section
Libor Chocholaty
ossl at mts.cz
Mon Apr 6 20:42:27 UTC 2020
Hi,
could you share commands that led to this error?
It looks to me referenced non existent section in config file like as
param "-extensions" option.
Regards,
Libor
On 2020-04-06 19:43, Richard Simard wrote:
> Hi!
>
> Anybody can help me whit this error?
>
> Error Loading extension section server_cert
>
> 140091048477824:error:0E06D06C:configuration file routines:NCONF_get_string:no value:../crypto/conf/conf_lib.c:273:group=CA_default name=email_in_dn
>
> 140091048477824:error:0E06D06C:configuration file routines:NCONF_get_string:no value:../crypto/conf/conf_lib.c:273:group=CA_default name=rand_serial
>
> 140091048477824:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large:../crypto/asn1/a_object.c:73:
>
> 140091048477824:error:2208306E:X509 V3 routines:policy_section:invalid object identifier:../crypto/x509v3/v3_cpols.c:183:section:Cert_policy_server,name:policyIdentifier,value:GroupeSTIAssurance, GroupeSTIDevice
>
> 140091048477824:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:../crypto/x509v3/v3_conf.c:47:name=certificatePolicies, value=ia5org,1.3.6.1.4.1.51063, at Cert_policy_server
>
> [ openssl_init ]
>
> oid_section = oids_section
>
> [ server_cert ]
>
> basicConstraints = CA:FALSE
>
> nsCertType = server
>
> subjectKeyIdentifier = hash
>
> authorityKeyIdentifier = keyid, issuer:always
>
> keyUsage = critical, digitalSignature, keyEncipherment
>
> extendedKeyUsage = serverAuth
>
> certificatePolicies = ia5org, @Cert_policy_server
>
> crlDistributionPoints = crl_section
>
> [ Cert_policy_server ]
>
> policyIdentifier = GroupeSTIAssurance, GroupeSTIDevice
>
> CPS.1 = http://cps.groupesti.com
>
> [ crl_section ]
>
> fullname = URI:http://pki.groupesti.com/ca.crl
>
> CRLissuer = dirName:issuer_section
>
> reasons = keyCompromise, CACompromise
>
> authorityKeyIdentifier = keyid:always
>
> [ oids_section ]
>
> GroupeSTIAssurance = 1.3.6.1.4.1.51063.0.1
>
> GroupeSTIUser = 1.3.6.1.4.1.51063.0.1.0
>
> GroupeSTIDevice = 1.3.6.1.4.1.51063.0.1.1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200406/2d92cd68/attachment.html>
More information about the openssl-users
mailing list