I'm troubled by what seems to be a weird problem with private oid definitions in ca.conf.
Issuing a certificate works perfectly with the attached ca.conf file, as long as I specify the private extension via its OID in the [ my_ext ] section. When I replace the OID line with the commented out line above it to use the extension's name that was defined before in the [ new_oid ] section, I get the following error:

    Using configuration from /usr/local/etc/pki/ca.conf
    Error Loading extension section my_ext
    140474292033192:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large:a_object.c:109:
    140474292033192:error:22074073:X509 V3 routines:V3_GENERIC_EXTENSION:extension name error:v3_conf.c:271:name=documentTypeList

Am I doing something wrong or did I stumble over a bug? Why is the OID definition in the [ new oid ] section not being picked up?

The command I use to issue the cert is:

    $ openssl ca \
        -config ca.conf \
        -batch \
        -subj $SUBJECT_NAME \
        -startdate $CERT_VALID_FROM \
        -enddate $CERT_VALID_TO \
        -in $REQUEST_FILE

This is with openssl v1.0.0-beta3 on SLES11.

Thanks for any insight,
Patrick Eisenacher