Problems adding specific extensions to signed certificates

Michael Leone turgon at
Fri Feb 7 14:25:37 UTC 2020

On Fri, Feb 7, 2020 at 8:54 AM Michael Leone <turgon at> wrote:
> Thanks, tho, I did learn a thing or two. I see from this example
> openssl req -config $cfgdir/openssl-root.cnf $passin \
>      -set_serial 0x$(openssl rand -hex $sn)\
>      -keyform $format -outform $format\
>      -key $rootca/private/ca.key.$format -subj "$DN"\
>      -new -x509 -days 7300 -sha256 -extensions v3_ca\
>      -out $cadir/certs/ca.cert.$format
> That maybe I can pass the explicit section that has the extensions
> that I want, from the command line. I will try that. In my case, the
> "[ usr_cert ]" or perhaps "[ server_cert ]".

Nope, no key extensions in the generated cert, even when passing
"-extensions user_cert" on the CLI.

I'll keep plugging away, I guess.

More information about the openssl-users mailing list