AD with PKI authentication - issue on cert generation

Lionel Monchecourt lionel.monchecourt at free.fr
Wed Mar 18 11:40:24 UTC 2020 

Thanks Matt !
I will let you know if there are any issues further when I will use with the Samba AD server
Thx


-----Original Message-----
From: Matt Caswell [mailto:matt at openssl.org] 
Sent: 18 March 2020 12:37
To: Lionel Monchecourt
Cc: openssl-users at openssl.org
Subject: Re: AD with PKI authentication - issue on cert generation



On 18/03/2020 11:35, Lionel Monchecourt wrote:
> Hi Matt, 
> Thanks a lot, 
> Getting the same error for 
> msUPN=1.3.6.1.4.1.311.20.2.3, I removed it as well 
> is it by default in openssl as well ? 
> btw, removing these 2, I can generate my certificate without problem

Yes - it exists so removing it should be fine.

Matt


> 
> -----Original Message-----
> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of
> Matt Caswell
> Sent: 17 March 2020 14:10
> To: openssl-users at openssl.org
> Subject: Re: AD with PKI authentication - issue on cert generation
> 
> 
> 
> On 17/03/2020 12:33, Lionel Monchecourt wrote:
> 
>> I already tried to replace
>>
>> scardLogin=1.3.6.1.4.1.311.20.2.2
>>
>> with
>>
>> msSmartcardLogin=1.3.6.1.4.1.311.20.2.2
> 
> Try removing this line altogether. OpenSSL already has a built-in object
> of this name with this OID so it should not be necessary.
> 
> Matt
> 
>>
>> as I found in the thred but it doesn’t solve my issue.
>>
>> I can post in SSL forum but as it is Samba specific, I’m trying here
>> first as I guess I’m missing something basic ?
>>
>>  
>>
>> Please note that I do not intend to use smartcard, but ONLY certificate,
>> if it can help
>>
>> Thanks !
>>
>>  
>>
>> Lionel
>>
>>  
>>
>>
>>
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campai
> gn=sig-email&utm_content=emailclient>
>> 	Virus-free. www.avast.com
>>
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campai
> gn=sig-email&utm_content=emailclient>
>>
>>
>> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
> 
> 


-- 
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

More information about the openssl-users mailing list