[openssl-users] Another problem with openssl x509 -req -- default_enddate

Robert Moskowitz rgm at htt-consult.com
Tue Aug 29 21:36:34 UTC 2017

Another problem.  It is almost like it is not reading the CA selction?

openssl ca -config $dir/openssl-8021AR.cnf -extensions 8021ar_idevid 
-notext -md sha256 \
       -in $dir/csr/$DevID.csr.pem -out $dir/certs/$DevID.cert.pem

processes the default_enddate

default_enddate= 99991231235959Z # per IEEE 802.1AR

to produce:

             Not Before: Aug 29 21:19:33 2017 GMT
             Not After : Dec 31 23:59:59 9999 GMT


    openssl x509 -req -extfile $dir/openssl-8021AR.cnf\
         -extensions 8021ar_idevid -days 365 -sha256\
         -set_serial 0x$(openssl rand -hex $sn)\
         -inform $format -in $dir/csr/$DevID.csr.$format\
         -outform $format -out $dir/certs/$DevID.cert.$format\
         -CAkeyform $format -CAkey 
         -CAform $format -CA $dir/certs/8021ARintermediate.cert.$format

does not.  Even if I leave out the -days option.

I am thinking, do I need to use:

-extensions ca 8021ar_idevid

?? but that will probably be a syntax error.


More information about the openssl-users mailing list