" -extfile ../openssl.cnf -extensions usr_cert"
I had ASSUMED that since "openssl req" and "openssl ca" can find the "openssl.cnf" file, "openssl x509" could also.
-- Dean
Dean Gibson (System Administrator) wrote on 2003-07-25 11:49:
Thanks for the suggestion! I tried it and it didn't work.
I think Umesh's eMail below (note he works for HP) hit the nail on the head. I tried his suggestion (below), and then did:
openssl x509 -req -in hplj4600dn1.csr -CA ultimeth.pem -days 3650 -set_serial 01 -out hplj4600dn1.crt
but the generated certificate still did not show the "extendedKeyUsage" that he mentioned.
...
-- Dean
From: Umesh <[EMAIL PROTECTED]>
Hi,
The certificate on JetDirect can be used for both client and server authentication. JetDirect expects the installed certificate to contain the extendedKeyUsage extension with the values serverAuth and clientAuth. Add the following line "extendedKeyUsage = clientAuth, serverAuth" to the section [usr_cert] in openssl.cnf before signing.
Umesh
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
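The behaviour discussed in this thread, as an added example that is not part of the original messages: `openssl x509 -req` writes the `[usr_cert]` extensions into the certificate only when it is given `-extfile` and `-extensions`. The config file, subject names and throwaway CA below are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: file names, subjects and the throwaway CA are constructed.
set -e

make_fixture() {    # $1 = work dir; writes config, CA key/cert and a device CSR
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed.example.test
[usr_cert]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth, serverAuth
EOF
    openssl req -config "$1/demo.cnf" -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -config "$1/demo.cnf" -new -newkey rsa:2048 -nodes \
        -subj "/CN=printer.example.test" \
        -keyout "$1/dev.key" -out "$1/dev.csr" 2>/dev/null
}

sign_csr() {        # $1 = work dir, $2 = output cert, rest = extra x509 options
    dir=$1; out=$2; shift 2
    openssl x509 -req -in "$dir/dev.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -set_serial 01 -days 30 -out "$dir/$out" "$@" 2>/dev/null
}

has_client_server_eku() {   # $1 = cert; success only if both EKU values present
    text=$(openssl x509 -in "$1" -noout -text)
    printf '%s\n' "$text" | grep -q 'TLS Web Client Authentication' &&
        printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication'
}

# Sign the same CSR twice: once without and once with the extension file.
work=$(mktemp -d)
make_fixture "$work"
sign_csr "$work" plain.crt
sign_csr "$work" ext.crt -extfile "$work/demo.cnf" -extensions usr_cert
for c in plain.crt ext.crt; do
    if has_client_server_eku "$work/$c"; then
        echo "$c: extendedKeyUsage present"
    else
        echo "$c: extendedKeyUsage missing"
    fi
done
rm -rf "$work"
```

Running the same check on a freshly signed certificate before installing it on a device catches a missing extension early.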