Thanks. I actually have the posted message mentioned, and I have read it quite a few
times already. I tried the steps suggested but still cannot make it work.

This is what I did:

1. Create a client request
        openssl genrsa -des3 -out my.key
        openssl req -new -key my.key -out my.csr

2. Create an ext.cnf file and sign the request using the x509 utility.

[ extensions_cert ]
##Test extension
1.3.6.1.4.1=DER:16:14:21:2E:33:2E

$ openssl x509 -req -in my.csr -out my.crt -CA ca.crt -CAkey ca.key -extensions extensions_cert -extfile ext.cnf

I got the following error messages:

ca.srl: No such file or directory
32673:error:02001002:system library:fopen:No such file or directory:bss_file.c:245:fopen('ca.srl','r')
32673:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:247:

What is the ca.srl file? I only have ca.crt and ca.key. I think this is not
related to the extension but has something to do with the openssl command. I can
use the "sign.sh" that comes with ssl to sign a normal request without any problems.

Thanks in advance

James
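
An added example, not part of the original message: `openssl x509 -req -CA` keeps the certificate serial number in a serial file, by default the CA certificate name with a `.srl` suffix (`ca.srl` here), and `-CAcreateserial` creates that file when it is missing. The throwaway CA, the unencrypted keys and the subject names are assumptions made so the script runs without prompts.

```shell
#!/bin/sh
# Added example. Assumptions: a throwaway CA stands in for the post's ca.crt
# and ca.key, and keys are unencrypted so nothing prompts for a passphrase.

sign_with_extension() (
    cd "$1" || exit 1

    # Constructed test CA (the post already had ca.crt and ca.key).
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
        -subj "/CN=Example Test CA" -days 1 2>/dev/null || exit 1

    # Step 1 of the post: client key and certificate request.
    openssl genrsa -out my.key 2048 2>/dev/null || exit 1
    openssl req -new -key my.key -subj "/CN=example client" -out my.csr || exit 1

    # Step 2 of the post: the extension section, as posted.
    printf '%s\n' '[ extensions_cert ]' \
        '1.3.6.1.4.1=DER:16:14:21:2E:33:2E' > ext.cnf

    # x509 -CA takes the certificate serial number from a serial file, by
    # default the CA certificate name with a .srl suffix (ca.srl here).
    # -CAcreateserial creates that file when it does not exist.
    openssl x509 -req -in my.csr -out my.crt -CA ca.crt -CAkey ca.key \
        -CAcreateserial -extensions extensions_cert -extfile ext.cnf \
        2>/dev/null || exit 1
)

# Print the value of every extension that asn1parse shows as a hex dump,
# one per line, so the private extension bytes can be compared.
extension_hex() {
    openssl asn1parse -in "$1" |
        sed -n 's/.*OCTET STRING *\[HEX DUMP]:\([0-9A-F]*\)$/\1/p'
}

dir=$(mktemp -d) && sign_with_extension "$dir" && extension_hex "$dir/my.crt"
```

Once `ca.srl` exists, later signings with the same CA can drop `-CAcreateserial`; the file is then read and updated on each run.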










-----Original Message-----
From: Eckard Wille [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 14, 2000 1:03 AM
To: [EMAIL PROTECTED]
Subject: Re: Questions about X509 certificate extension


James Xie wrote:
> 
> After more reading and playing around with mod_ssl, now I was able to
> retrieve a standard client certificate using mod_perl script on the server.
> The question I have now is how to add a private extension (and how to define
> one) to a client certificate or can it be done using openssl?

http://www.mail-archive.com/[email protected]/msg13492.html

Please make sure you look at the right places next time. If I can find
this answer in one minute, you can, too. Sure.

Eckard

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]