-create_serial does not exist in CA.sh, either. -Kyle H
On Tue, Feb 24, 2009 at 1:46 PM, Nguyen, Kim via RT <r...@openssl.org> wrote: > The CA.sh script in 0.9.8j is missing the -extensions v3_ca flag. This > doesn't seem to be a problem in CA.pl > > > In comparision, CA.pl has: > > print "Making CA certificate ...\n"; > system ("$REQ -new -keyout " . > "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ"); > system ("$CA -create_serial " . > "-out ${CATOP}/$CACERT $CADAYS -batch " . > "-keyfile ${CATOP}/private/$CAKEY -selfsign " . > "-extensions v3_ca " . > "-infiles ${CATOP}/$CAREQ "); > $RET=$?; > > While CA,.sh has: > > echo "Making CA certificate ..." > $REQ -new -keyout ${CATOP}/private/$CAKEY \ > -out ${CATOP}/$CAREQ > $CA -out ${CATOP}/$CACERT $CADAYS -batch \ > -keyfile ${CATOP}/private/$CAKEY -selfsign \ > -infiles ${CATOP}/$CAREQ > RET=$? > > Note "-extensions v3_ca" is missing....changing the above to: > > else > echo "Making CA certificate ..." > $REQ -new -keyout ${CATOP}/private/$CAKEY \ > -out ${CATOP}/$CAREQ > $CA -out ${CATOP}/$CACERT $CADAYS -batch \ > -keyfile ${CATOP}/private/$CAKEY -selfsign \ > -extensions v3_ca \ > -infiles ${CATOP}/$CAREQ > RET=$? > > > Fixes the problem. > > Kim > > > > The CA.sh script in 0.9.8j is missing the –extensions v3_ca flag. This > doesn’t seem to be a problem in CA.pl > > > > > > In comparision, CA.pl has: > > > > print "Making CA certificate ...\n"; > > system ("$REQ -new -keyout " . > > "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ"); > > system ("$CA -create_serial " . > > "-out ${CATOP}/$CACERT $CADAYS -batch " . > > "-keyfile ${CATOP}/private/$CAKEY -selfsign " . > > "-extensions v3_ca " . > > "-infiles ${CATOP}/$CAREQ "); > > $RET=$?; > > > > While CA,.sh has: > > > > echo "Making CA certificate ..." > > $REQ -new -keyout ${CATOP}/private/$CAKEY \ > > -out ${CATOP}/$CAREQ > > $CA -out ${CATOP}/$CACERT $CADAYS -batch \ > > -keyfile ${CATOP}/private/$CAKEY -selfsign \ > > -infiles ${CATOP}/$CAREQ > > RET=$? > > > > Note “-extensions v3_ca” is missing….changing the above to: > > > > else > > echo "Making CA certificate ..." > > $REQ -new -keyout ${CATOP}/private/$CAKEY \ > > -out ${CATOP}/$CAREQ > > $CA -out ${CATOP}/$CACERT $CADAYS -batch \ > > -keyfile ${CATOP}/private/$CAKEY -selfsign \ > > -extensions v3_ca \ > > -infiles ${CATOP}/$CAREQ > > RET=$? > > > > > > Fixes the problem. > > > > Kim > > >