[openssl-users] Another problem with openssl x509 -req -- default_enddate
Robert Moskowitz
rgm at htt-consult.com
Tue Aug 29 21:36:34 UTC 2017
Another problem. It is almost like it is not reading the CA selction?
openssl ca -config $dir/openssl-8021AR.cnf -extensions 8021ar_idevid
-notext -md sha256 \
-in $dir/csr/$DevID.csr.pem -out $dir/certs/$DevID.cert.pem
processes the default_enddate
default_enddate= 99991231235959Z # per IEEE 802.1AR
to produce:
Not Before: Aug 29 21:19:33 2017 GMT
Not After : Dec 31 23:59:59 9999 GMT
But
openssl x509 -req -extfile $dir/openssl-8021AR.cnf\
-extensions 8021ar_idevid -days 365 -sha256\
-set_serial 0x$(openssl rand -hex $sn)\
-inform $format -in $dir/csr/$DevID.csr.$format\
-outform $format -out $dir/certs/$DevID.cert.$format\
-CAkeyform $format -CAkey
$dir/private/8021ARintermediate.key.$format\
-CAform $format -CA $dir/certs/8021ARintermediate.cert.$format
does not. Even if I leave out the -days option.
I am thinking, do I need to use:
-extensions ca 8021ar_idevid
?? but that will probably be a syntax error.
thanks
More information about the openssl-users
mailing list