Cedric Tabary schrieb: > > Using configuration from /usr/local/OpenCA/etc/openssl/openssl/User.conf > Check that the request matches the signature > Signature ok > The Subject's Distinguished Name is as follows > countryName :PRINTABLE:'FR' > organizationName :PRINTABLE:'iniflux' > organizationalUnitName:PRINTABLE:'Internet' > commonName :PRINTABLE:'testuser1234' > serialNumber :PRINTABLE:'08' > ERROR: adding extensions in section default > 28343:error:2206D06C:X509 V3 routines:X509V3_parse_list:invalid null > name:v3_utl.c:319: > 28343:error:2206B069:X509 V3 routines:X509V3_EXT_conf:invalid extension > string:v3_conf.c:138:name=subjectAltName,section= > 28343:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in > extension:v3_conf.c:92:name=subjectAltName, value=
This is actually the most common mistake. The default configuration of OpenCA requires that you set the subject alternative name. So you must edit the request if you didn't change the configuration in OPENCADIR/etc/openssl/extfiles/. OpenCA doesn't set the subject alternative name fullautomatically for security reasons. Michael -- ------------------------------------------------------------------- Michael Bell Email (private): [EMAIL PROTECTED] Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 Unter den Linden 6 Fax: +49 (0)30-2093 2959 10099 Berlin Germany http://www.openca.org ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
