On Thu, Aug 05, 2004, Mayers, Joshua wrote: > Hello, > > I'm working with an appliance that requires v3 certificates. > > When I create a self-signed cert using OpenSSL with the following > commands, the cert that results is v1. > > I did not find any documentation (man page, openssl.org) on > generating SSL v3 certs with openssl. > > Is there a way to force a self-signed cert to be of version 3? > > Command I used to self-sign the csr: > openssl x509 -req -days 365 -in cert.csr -signkey cert.key -out > cert.crt >
You need to specify appropriate extensions via a config file. There aren't any default ones for the 'x509' utility so it uses none. If you use 'openssl req -x509' instead to create the certificate it will automatically use the correct extensions. Alternatively you can use the command line options: -extfile /path/to/openssl.cnf -extensions v3_ca with the 'x509' utility. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]