Problems adding specific extensions to signed certificates
Michael Wojcik
Michael.Wojcik at microfocus.com
Fri Feb 7 20:07:11 UTC 2020
> From: Michael Leone [mailto:turgon at mike-leone.com]
> Sent: Friday, February 07, 2020 11:55
>
> How is that this works for everyone else, and not me? :-)
It doesn't.
I just reviewed this whole note stream, and realized you're using "openssl req" to create the certificate, rather than "openssl ca", according to your first note.
openssl req doesn't respect copy_extensions, because it doesn't use a CA-section in the configuration file.
To accomplish what you want, you'll have to use openssl ca. There are a number of walkthroughs online for setting that up.
--
Michael Wojcik
Distinguished Engineer, Micro Focus
More information about the openssl-users
mailing list