Problems adding specific extensions to signed certificates
turgon at mike-leone.com
Fri Feb 7 14:25:37 UTC 2020
On Fri, Feb 7, 2020 at 8:54 AM Michael Leone <turgon at mike-leone.com> wrote:
> Thanks, tho, I did learn a thing or two. I see from this example
> openssl req -config $cfgdir/openssl-root.cnf $passin \
> -set_serial 0x$(openssl rand -hex $sn)\
> -keyform $format -outform $format\
> -key $rootca/private/ca.key.$format -subj "$DN"\
> -new -x509 -days 7300 -sha256 -extensions v3_ca\
> -out $cadir/certs/ca.cert.$format
> That maybe I can pass the explicit section that has the extensions
> that I want, from the command line. I will try that. In my case, the
> "[ usr_cert ]" or perhaps "[ server_cert ]".
Nope, no key extensions in the generated cert, even when passing
"-extensions user_cert" on the CLI.
I'll keep plugging away, I guess.
More information about the openssl-users