AD with PKI authentication - issue on cert generation

Lionel Monchecourt lionel.monchecourt at
Tue Mar 17 12:33:45 UTC 2020


I'm trying to install an AD with PKI auth.I'm so referring to :

Let's put aside of course Samba config ..


I'm now trying to generate the root CA.

Using the template in the wiki ,


When I try to  

openssl req -new req -new -x509 -days 3650 -sha256 -extensions v3_ca -keyout
private/cakey.pem -out cacert.pem -config /etc/ssl/openssl.cnf


I get the following error :


problem creating object msSmartcardLogin=

140375913190464:error:08064066:object identifier routines:OBJ_create:oid


I already tried to replace 




as I found in the thred but it doesn't solve my issue.

I can post in SSL forum but as it is Samba specific, I'm trying here first
as I guess I'm missing something basic ? 


Please note that I do not intend to use smartcard, but ONLY certificate, if
it can help

Thanks !




This email has been checked for viruses by Avast antivirus software.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list