"oid_section = new_oids" must be in the top level, not in [ca], [myca],
or whatever. Just move that declaration to the top.
ICAO has only defined document types 'P' and 'ID', hasn't it?
--
Erwann ABALEA
On 13/02/2013 16:46, Eisenacher, Patrick wrote:
I'm troubled by what seems to be a weird problem with private oid definitions
in ca.conf.
Issuing a certificate works perfectly with the attached ca.conf file, as long
as I specify the private extension via its OID in the [ my_ext ] section. When
I replace the OID line with the commented out line above it to use the
extension's name that was defined before in the [ new_oid ] section, I get the
following error:
Using configuration from /usr/local/etc/pki/ca.conf
Error Loading extension section my_ext
140474292033192:error:0D06407A: asn1 encoding routines:a2d_ASN1_OBJECT:first num too large:a_object.c:109:
140474292033192:error:22074073:X509 V3 routines:V3_GENERIC_EXTENSION: extension name error:v3_conf.c:271:name=documentTypeList
Am I doing something wrong or did I stumble over a bug? Why is the OID
definition in the [ new oid ] section not being picked up?
The command I use to issue the cert is:
$ openssl ca \
-config ca.conf \
-batch \
-subj $SUBJECT_NAME \
-startdate $CERT_VALID_FROM \
-enddate $CERT_VALID_TO \
-in $REQUEST_FILE
This is with openssl v1.0.0-beta3 on SLES11.
Thanks for any insight,
Patrick Eisenacher
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
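An added example, not part of the original thread or of OpenSSL: a small pre-flight check for the misplacement described in the reply, reporting any named section that declares oid_section and which names the top-level declaration would register. The sample ca.conf, the OID 1.2.3.4 and the DER value are constructed placeholders, and the parser is a simplified reader for this check only (it treats a section named "default" as the top level).

```python
import re

SECTION_RE = re.compile(r"^\[\s*([^\]]*?)\s*\]$")

def parse_conf(text):
    """Return {section: {key: value}}; keys before any header go to 'default'."""
    sections = {"default": {}}
    current = "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def misplaced_oid_section(text):
    """Named sections that declare oid_section instead of the top level."""
    return [name for name, keys in parse_conf(text).items()
            if name != "default" and "oid_section" in keys]

def registered_oid_names(text):
    """Names defined through the top-level oid_section, sorted."""
    conf = parse_conf(text)
    target = conf["default"].get("oid_section")
    return sorted(conf.get(target, {})) if target else []

# Constructed sample; 1.2.3.4 and the DER value are placeholders.
BROKEN = """\
[ ca ]
default_ca = myca
oid_section = new_oids

[ new_oids ]
documentTypeList = 1.2.3.4

[ my_ext ]
documentTypeList = DER:0500
"""
# Same file with the declaration moved to the top level.
FIXED = "oid_section = new_oids\n" + BROKEN.replace("oid_section = new_oids\n", "", 1)

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, misplaced_oid_section(conf), registered_oid_names(conf))
```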