On Wed, Aug 21, 2013, redpath wrote: > *openssl Configuration question:* > > I am using these command to create a CA signed cert. > > openssl req -new -nodes -out my.csr -days 730 -keyout > mykey.pem > -batch *-extensions * v3_OCSP -config configname.cnf > > openssl ca -out *mycert.pem* -in my.csr -passin pass:password -config > configname.cnf > -batch -cert CAcert.pem > ... > > *I am sure there is something I am missing in the config or the command line > creating the certs, I am using the -extensions option* >
OpenSSL does not copy extensions in certificate requests to certificates by default. You need to include "copy_extensions" to enable it. Alternatively just specify the extension section on the command line to 'ca'. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org