[openssl-users] Making a CRL with an authority key identifier

Ivan Rubinson soryy708 at gmail.com
Thu Jun 1 13:35:22 UTC 2017 

Yep, that solved it. Thank you very much.

On Thu, Jun 1, 2017 at 1:31 PM, Ivan Rubinson <soryy708 at gmail.com> wrote:

> Aha, I can't believe I missed that.
> That's why an extra pair of fresh eyes is helpful.
> Thank you Juan. I'll test this now.
>
> On Thu, Jun 1, 2017 at 1:22 PM, Juan Angel Martin (AC Camerfirma) <
> martin_ja at camerfirma.com> wrote:
>
>> Hi,
>>
>>
>>
>> Uncomment line 54
>>
>> crl_extensions    = crl_ext
>>
>>
>>
>> BR
>>
>> Juan Ángel
>>
>>
>>
>> *De:* openssl-users [mailto:openssl-users-bounces at openssl.org] *En
>> nombre de *Ivan Rubinson
>> *Enviado el:* jueves, 1 de junio de 2017 12:15
>> *Para:* openssl-users at openssl.org
>> *Asunto:* [openssl-users] Making a CRL with an authority key identifier
>>
>>
>>
>> Hello,
>>
>> My name is Ivan, and I'm trying to get OpenSSL to make a CRL with an
>> authority key identifier.
>>
>> (a third party API expects it from the CRL)
>>
>> I make my own CA, use it to sign a certificate, and then generate the
>> CRL. This is the configuration file: https://pastebin.com/yL4UBtGW (it's
>> basically the example configuration file with a few changes).
>>
>> Here are the commands I run:
>>
>> Making the CA:
>>
>> openssl req -new -x509 -days 3650 -extensions v3_ca -keyout
>> private/cakey.pem -out cacert.pem -config req.cnf
>>
>> Making the certificate:
>>
>> openssl req -new -nodes -out pdf-req.pem -keyout private/pdf-pkey.pem
>> -config req.cnf
>> openssl ca -config req.cnf -out pdf-cert.pem -infiles pdf-req.pem
>>
>> Making the CRL:
>>
>> openssl ca -config req.cnf -gencrl -out crl.pem
>>
>>
>>
>> I'm using OpenSSL-Win64 0.9.8g
>>
>> Even though on line 251 I ask OpenSSL to have an authority key
>> identifier, the generated CRL doesn't have it. I've searched on google and
>> tried multiple things (like uncommenting issuerAltName, or giving it
>> different options) and the CRL still doesn't have it.
>>
>> At this point I'm stumped, and I'd like to ask you nice people for help.
>>
>> Thank you in advance,
>>
>> Ivan Rubinson
>>
>>
>>
>>
>> <https://www.avast.com/en-us/lp-safe-emailing-3108-b?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=oa-3108-b>
>>
>> Virus-free. www.avast.com
>> <https://www.avast.com/en-us/lp-safe-emailing-3108-b?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=oa-3108-b>
>>
>>
>>
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170601/0acef829/attachment.html>

More information about the openssl-users mailing list