Hi all,
I'm trying to generate a test Global ID certifcate. I'm using
mod_ssl-2.4.2-1.3.9 on solaris.
I've read the instructions on hw to generate a test GlobalId server certifcate
(README.GlobalID). They detail using gid-mkcert.sh, which is not needed now as
far as I can see by reading the
http://www.drh-consultancy.demon.co.uk/ca-fix.html.
I have read openssl-0.9.4/doc/openssl.txt on v3 extensions and attempted to add
the necessary details to the openssl.cnf file, but when I try and sign the
certifcate (which is where I think the extKeyUsage field is added) I get the
error below.
openssl ca -config etc/openssl.cnf -out certs/wholesale-dev.crt -infiles
csr/wholesale-dev.csr
Using configuration from etc/openssl.cnf
Enter PEM pass phrase:
Error Loading extension section usr_cert
8600:error:2207C082:X509 V3 routines:DO_EXT_CONF:unknown extension
name:v3_conf.c:121:
8600:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in
extension:v3_conf.c:91:name=extKeyUsage, value=2.16.840.1.113730.4.1,
1.3.6.1.4.1.311.10.3.3
I added the extkeyUsage field to the user_cert section of the openssl.cnf file.
as below.
[ usr_cert ]
...
extKeyUsage=2.16.840.1.113730.4.1,1.3.6.1.4.1.311.10.3.3
..
Is this the correct way to go about things? Does anyone have a openssl.cnf file
they have used to generate test GlobalID certs, or instructions on the details
of the openssl commands used to generate and sign the GlobalId cert.
thanks in advance,
michael
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
