On 10 December 2019 at 09:22, "Nikos Mavrogiannopoulos" <[email protected]> wrote:
> Could you minimize the commands needed to reproduce the issue you are
> describing?
>

Here is a minimal set of commands to reproduce the problem:

# Generate the ca certificate
echo add_extension = "1.3.6.1.4.1.45724.1.1.4 octet_string(0x0410CD8C395C26EDEEDE653B00797D03CA3C)" >>tmpl
certtool --generate-privkey --outfile ca.key
certtool --generate-self-signed --load-privkey ca.key --outfile ca.cert --template tmpl

# generate the client key
certtool --generate-privkey --outfile signed.key

# Example 1: create a signed certificate without request
certtool --generate-certificate --load-privkey signed.key --outfile signed.cert --load-ca-certificate ca.cert --load-ca-privkey ca.key --template tmpl

# Example 2: create a signed certificate with request
certtool --generate-request --load-privkey signed.key --outfile signed-r.csr --template tmpl
certtool --generate-certificate --load-request signed-r.csr --load-privkey signed.key --outfile signed-r.cert --load-ca-certificate ca.cert --load-ca-privkey ca.key --template tmpl

In example 1, if I create a certificate signed with the ca.cert file without generating the request file first, the signed certificate contains the extension.

In example 2, if I create a certificate signed with the ca.cert file using the request, the signed certificate doesn't contain the extension.

/Nicolas
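A check for the two outputs described in the message above, added here as an example and not part of the original post: it walks a certificate's DER structure and lists its extension OIDs, so signed.cert and signed-r.cert can be compared for 1.3.6.1.4.1.45724.1.1.4. The function names and the skeleton sample certificates are constructed for illustration.

```python
import base64

EXT_OID = "1.3.6.1.4.1.45724.1.1.4"  # extension OID from the template in the message

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # contents of a constructed element as (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(body):  # OBJECT IDENTIFIER contents -> dotted string
    arcs, n = [], 0
    for byte in body:
        n = (n << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear ends the current arc
            arcs.append(n)
            n = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def extension_oids(cert):  # cert: PEM or DER bytes -> list of extension OIDs
    if b"-----BEGIN CERTIFICATE-----" in cert:  # tolerate text around the PEM block
        pem = cert.split(b"-----BEGIN CERTIFICATE-----")[1].split(b"-----END")[0]
        cert = base64.b64decode(pem)
    tbs = children(read_tlv(cert, 0)[1])[0][1]  # Certificate -> tbsCertificate
    for tag, val in children(tbs):
        if tag == 0xA3:  # [3] EXPLICIT Extensions, a SEQUENCE OF Extension
            return [decode_oid(children(e)[0][1]) for _, e in children(children(val)[0][1])]
    return []  # the certificate has no extensions field

def _tlv(tag, value):  # short-form length only; enough for the sample below
    return bytes([tag, len(value)]) + value

# Constructed sample: unsigned skeleton certificates holding only the fields walked above.
_EXT = _tlv(0x30, _tlv(0x06, bytes.fromhex("2b0601040182e51c010104")) +
            _tlv(0x04, bytes.fromhex("0410CD8C395C26EDEEDE653B00797D03CA3C")))
_HEAD = _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01")  # version, serial
SAMPLE_WITH = _tlv(0x30, _tlv(0x30, _HEAD + _tlv(0xA3, _tlv(0x30, _EXT))))
SAMPLE_WITHOUT = _tlv(0x30, _tlv(0x30, _HEAD))
```

Passing the bytes of signed.cert and of signed-r.cert to `extension_oids` and testing each result for `EXT_OID` shows whether the extension survived signing.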
