Public bug reported:
This is my first bug report with Ubuntu, so apologies if I'm going about
this the wrong way.
I'm running Ubuntu 14.04 LTS (Release 14.04), and am trying to create a
server certificate using easy-rsa version 2.2.2-1.
The commands I used to create the certificate were:
sudo apt-get install easy-rsa
cp -r /usr/share/easy-rsa ~
cd ~/easy-rsa
vim ./vars
(edit KEY_* defaults)
source ./vars
./clean-all
./build-dh
./pkitool --initca
./pkitool --server my-common-name
On the last command, I receive the following error:
Using Common Name: my-common-name
Error Loading extension section server
140532105823904:error:2207507C:X509 V3 routines:v2i_GENERAL_NAME_ex:missing
value:v3_alt.c:537:
140532105823904:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in
extension:v3_conf.c:93:name=subjectAltName, value=my-common-name
In ./vars I only adjusted the default values for KEY_COUNTRY, KEY_PROVINCE,
KEY_CITY, KEY_ORG, KEY_EMAIL, KEY_OU to suit my situation, and at the end of
the file uncommented the KEY_CN name and set to the value of my-common-name.
Upon checking the openssl-1.0.0.cnf file on line 220, the subjectAltName
variable in the [server] section seems to be set from the KEY_ALTNAMES
environmental variable. However, exporting this variable to either a
blank or non-blank value before running ./pkitool seems to make no
difference.
I did notice that by commenting out line 220, the ./pkitool then creates
a server certificate without issue.
While it's easy enough to simply comment this line before running
./pkitool, but the end goal here is to automate the certificate creation
using puppet, so it would be great to have the default openssl-1.0.0.cnf
configuration work from environmental variables out of the box.
Of course if I'm missing something, please let me know!
** Affects: easy-rsa (Ubuntu)
Importance: Undecided
Status: New
** Tags: easy-rsa pkitool subjectaltname
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1346776
Title:
Server certificate creation crashes without subjectAltName
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/easy-rsa/+bug/1346776/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs