Hi all,
I am a very beginner of OpenSSL.
I want to add one of x509v3 extensions (AuthorityInfoAccess)
to a certificate, but I can't.
How can I know the way to add extensions? Is there some document?
Or,if there is someone who did it, can you show me the way?
(I'm using 0.9.5a)
Now I have two problems.
1, I can't add any extension to the certificate.
When I enable the line "req_extensions = v3-req" in the file "openssl.cnf"
and make the certificate request by the following command,
openssl req -new -keyout newkey.pem -out newreq.pem
then, I can add the extensions request to the certificate request.
(off course, they are already defined extensions in the section
[v3_req].)
# Requested Extensions:
# X509v3 Basic Constraints:
# CA:FALSE
# X509v3 Key Usage:
# Digital Signature, Non Repudiation, Key Encipherment
And then I make the certificate by following command using that request
openssl x509 -req -in newreq.pem -out newcert.pem
-CA selfcert.pem -CAkey selfkey.pem
but the extensions don't apear in the certificate.
2. I can't add another extension to cnf.
And if I add the new extension entry to the [req_extensions],
it has been error when I make certificate request.
% openssl req -new -keyout newkey.pem -out newreq.pem
Using configuration from /usr/local/ssl/openssl.cnf
Error Loading request extension section v3_req
10016:error:2207C082:X509 V3 routines:DO_EXT_CONF:unknown extension
name:v3_conf.c:121:
10016:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in
extension:v3_conf.c:91:name=AuthorityInfoAccess, value=http://dvd
750:80
I think this means my definition is wrong, but how can I make it
right? Can someone show me the way? Should I define the oid, too?
Thanks,
Kikuyo Nagamatsu, JAPAN.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]