This one really has me turned around… I am receiving AKID errors which I have seen earlier:
*Error Loading extension section v3_x509* *2283200:error:22077079:X509 V3 routines:V2I_AUTHORITY_KEYID:no issuer certificate:v3_akey.c:153:* *2283200:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:93extension:v3_conf.c:93:name=authorityKeyIdentifier, value=keyid* What I believe this means is that the Authority Key Identifier cannot find the issuing certificate, or in this case, the Root Certificate Authority. To amend this I coded a CSR – Certificate Signing Request for the intermediate Certificate Authority, batched in the CSR and it worked and wrote the certificate out to the database without error. I verified the validity of the intermediate certificate and concatenated the Intermediate Certificate Authority and the Root Certificate Authority. In sum, everything looks fine; the exception being the AKID in the v3_x509 extensions is missing. I was wondering if there is a way to manually pass in the *authorityKeyIdentifier=keyid* value in OpenSSL for the intermediate CA? It exists in the Root CA which does not make sense… Kindest Regards, *Michael * | Analytics Support Engineer
