On Tue, Nov 09, 2004, ray v wrote: > Hi All! > > I created an OID section but I'm a little confused > with how to use it. My example... > > oid_section = my_oids > > [my_oids] > value1 = 1.3.6.1.4.1.9999.1 > value2 = 1.3.6.1.4.1.9999.2 > value3 = 1.3.6.1.4.1.9999.3 > > > If I specify the -config sample.cnf when creating the > key, request and certificate this all works fine. When > I recieved and outside cert request it fails with > > Error Loading extension section default > 10765:error:2207C082:X509 V3 > routines:DO_EXT_CONF:unknown extension > name:v3_conf.c:123: > 10765:error:2206B080:X509 V3 > routines:X509V3_EXT_conf:error in > extension:v3_conf.c:92:name=oid_section > > Being new to this I'm not sure if I'm asking the right > question. I need to add extensions to certificate > during the certificate gen and signing process. The > oids_section is in the global or default am I missing > something here? Is there something I'm supposed to put > in the [req] section regarding the new oids? > > All help will be appreciate... > I'm loosing my hair faster then a cat in October! > thanks! >
Well that looks like you are placing oid_section in the wrong place. The preferred way to add OIDs is via the autoconfig OID module which then makes the OID names visible to all compliant applications. Look in the config(5) manual page also at: http://www.openssl.org/docs/apps/config.html However you can't automatically add an extension just because OpenSSL has a name for an OID. The standard extensions have support code which can be used to translate parts of the configuration file into the appropriate extension syntax. You can manually include the extension using the DER: syntax or the more flexible ASN1: syntax in OpenSSL 0.9.8-dev. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
