The CA.sh script in 0.9.8j is missing the -extensions v3_ca flag. This doesn't seem to be a problem in CA.pl
In comparision, CA.pl has:
print "Making CA certificate ...\n";
system ("$REQ -new -keyout " .
"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
system ("$CA -create_serial " .
"-out ${CATOP}/$CACERT $CADAYS -batch " .
"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
"-extensions v3_ca " .
"-infiles ${CATOP}/$CAREQ ");
$RET=$?;
While CA,.sh has:
echo "Making CA certificate ..."
$REQ -new -keyout ${CATOP}/private/$CAKEY \
-out ${CATOP}/$CAREQ
$CA -out ${CATOP}/$CACERT $CADAYS -batch \
-keyfile ${CATOP}/private/$CAKEY -selfsign \
-infiles ${CATOP}/$CAREQ
RET=$?
Note "-extensions v3_ca" is missing....changing the above to:
else
echo "Making CA certificate ..."
$REQ -new -keyout ${CATOP}/private/$CAKEY \
-out ${CATOP}/$CAREQ
$CA -out ${CATOP}/$CACERT $CADAYS -batch \
-keyfile ${CATOP}/private/$CAKEY -selfsign \
-extensions v3_ca \
-infiles ${CATOP}/$CAREQ
RET=$?
Fixes the problem.
Kim
|
The CA.sh script in 0.9.8j is missing the –extensions v3_ca
flag. This doesn’t seem to be a problem in CA.pl In comparision, CA.pl has: print "Making CA certificate ...\n"; system ("$REQ -new -keyout " . "${CATOP}/private/$CAKEY -out
${CATOP}/$CAREQ"); system ("$CA -create_serial "
. "-out ${CATOP}/$CACERT $CADAYS
-batch " . "-keyfile
${CATOP}/private/$CAKEY -selfsign " . "-extensions v3_ca " . "-infiles ${CATOP}/$CAREQ
"); $RET=$?; While CA,.sh has: echo "Making CA certificate ..." $REQ -new -keyout ${CATOP}/private/$CAKEY \ -out ${CATOP}/$CAREQ $CA -out ${CATOP}/$CACERT $CADAYS -batch \ -keyfile ${CATOP}/private/$CAKEY
-selfsign \ -infiles ${CATOP}/$CAREQ RET=$? Note “-extensions v3_ca” is missing….changing
the above to: else echo "Making CA certificate ..." $REQ -new -keyout ${CATOP}/private/$CAKEY \ -out ${CATOP}/$CAREQ $CA -out ${CATOP}/$CACERT $CADAYS -batch \ -keyfile ${CATOP}/private/$CAKEY
-selfsign \ -extensions v3_ca \ -infiles ${CATOP}/$CAREQ RET=$? Fixes the problem. Kim |
