Yep, that solved it. Thank you very much. On Thu, Jun 1, 2017 at 1:31 PM, Ivan Rubinson <soryy...@gmail.com> wrote:
> Aha, I can't believe I missed that. > That's why an extra pair of fresh eyes is helpful. > Thank you Juan. I'll test this now. > > On Thu, Jun 1, 2017 at 1:22 PM, Juan Angel Martin (AC Camerfirma) < > martin...@camerfirma.com> wrote: > >> Hi, >> >> >> >> Uncomment line 54 >> >> crl_extensions = crl_ext >> >> >> >> BR >> >> Juan Ángel >> >> >> >> *De:* openssl-users [mailto:openssl-users-boun...@openssl.org] *En >> nombre de *Ivan Rubinson >> *Enviado el:* jueves, 1 de junio de 2017 12:15 >> *Para:* openssl-users@openssl.org >> *Asunto:* [openssl-users] Making a CRL with an authority key identifier >> >> >> >> Hello, >> >> My name is Ivan, and I'm trying to get OpenSSL to make a CRL with an >> authority key identifier. >> >> (a third party API expects it from the CRL) >> >> I make my own CA, use it to sign a certificate, and then generate the >> CRL. This is the configuration file: https://pastebin.com/yL4UBtGW (it's >> basically the example configuration file with a few changes). >> >> Here are the commands I run: >> >> Making the CA: >> >> openssl req -new -x509 -days 3650 -extensions v3_ca -keyout >> private/cakey.pem -out cacert.pem -config req.cnf >> >> Making the certificate: >> >> openssl req -new -nodes -out pdf-req.pem -keyout private/pdf-pkey.pem >> -config req.cnf >> openssl ca -config req.cnf -out pdf-cert.pem -infiles pdf-req.pem >> >> Making the CRL: >> >> openssl ca -config req.cnf -gencrl -out crl.pem >> >> >> >> I'm using OpenSSL-Win64 0.9.8g >> >> Even though on line 251 I ask OpenSSL to have an authority key >> identifier, the generated CRL doesn't have it. I've searched on google and >> tried multiple things (like uncommenting issuerAltName, or giving it >> different options) and the CRL still doesn't have it. >> >> At this point I'm stumped, and I'd like to ask you nice people for help. >> >> Thank you in advance, >> >> Ivan Rubinson >> >> >> >> >> <https://www.avast.com/en-us/lp-safe-emailing-3108-b?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=oa-3108-b> >> >> Virus-free. www.avast.com >> <https://www.avast.com/en-us/lp-safe-emailing-3108-b?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=oa-3108-b> >> >> >> >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> >> >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users