> Hello Aleksandar, > I followed your hints. > I generated the ca with CA:True, but I run into an error > when coming to the following command > > I replaced hostname by oracle and ../server.cnf by /etc/ssl/server.cnf > because I put the files there. > > oracle:/usr/share/ssl/myca # openssl ca -policy policy_anything -days 365 > -extfile /etc/ssl/server.cnf -infiles reqs/oracle-ldap.req > Using configuration from /etc/ssl/openssl.cnf > Enter pass phrase for /usr/share/ssl/myca/private/cakey.pem: > Check that the request matches the signature > Signature ok > ERROR: adding extensions in section default > 11768:error:22097082:X509 V3 routines:DO_EXT_NCONF:unknown extension > name:v3_conf.c:124: > 11768:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in > extension:v3_conf.c:93:name=HOME, value=. > > Sorry, but I'm not able to interpret this messages, I know to less about > certifikates.
It could be we are using different versions of openssl. Just remove (or comment) HOME and RANDFILE lines from the beggining of the openssl.cnf file. If you run into trouble with the second RANDFILE definition in myca section, you could comment out that one too. On Linux /dev/random and /dev/urandom are used anyhow. --- You are currently subscribed to [email protected] as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.
