[openssl-users] Errors on EndEntity cert generation

Robert Moskowitz rgm at htt-consult.com
Fri Jul 27 17:07:20 UTC 2018


The hits just keep on coming.  Made my cert req,

    openssl req -config $dir/openssl-intermediate.cnf\
        -key $dir/private/$serverfqdn.key.$format \
        -subj "$DN" -new -out $dir/csr/$serverfqdn.csr.$format

DN='/C=US/ST=MI/L=Oak Park/O=HTT Consulting'

then tried to make the cert with:

    openssl ca -config $dir/openssl-intermediate.cnf -days 375\
        -extensions server_cert -notext -md null \
        -in $dir/csr/$serverfqdn.csr.$format\
        -out $dir/certs/$serverfqdn.cert.$format

(note use of -md null and nothing got the earlier error)

Using configuration from /root/ca/intermediate/openssl-intermediate.cnf
Enter pass phrase for /root/ca/intermediate/private/intermediate.key.pem:
Error Loading extension section server_cert
3065065488:error:0E06D06C:configuration file 
routines:NCONF_get_string:no 
value:crypto/conf/conf_lib.c:275:group=CA_default name=email_in_dn
3065065488:error:0E06D06C:configuration file 
routines:NCONF_get_string:no 
value:crypto/conf/conf_lib.c:275:group=CA_default name=rand_serial
3065065488:error:2206D06C:X509 V3 routines:X509V3_parse_list:invalid 
null name:crypto/x509v3/v3_utl.c:360:
3065065488:error:22097069:X509 V3 routines:do_ext_nconf:invalid 
extension 
string:crypto/x509v3/v3_conf.c:93:name=crlDistributionPoints,section=
3065065488:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in 
extension:crypto/x509v3/v3_conf.c:47:name=crlDistributionPoints, value=


Please help me with these latest errors.

Thanks



More information about the openssl-users mailing list