Zhang Jianyu wrote:
>
> Dr S N Henson wrote:
>
> >Check out the -extfile and the -extensions options in the x509 manual
> >page.
>
> >You'll normally set those to point to the config file and either the
> >end user extension section "usr_cert" for a normal end user certificate
> >or "v3_ca" for another CA.
>
> Can u discuss this problem in detail?
> How to write the commands or how to alter the config file?
> If u can mail a demo to me,I will appreciate ur help devoutly. :))
> 3x..................!!!!
>
When req signs a request it uses the config file openssl.cnf to
determine
which extensions to use.
x509 doesn't by default add extensions so you need to use the
-extfile (config file) option and -section (section) so if you wanted to
create an end user certificate you'd use:
openssl x509 -config /path/to/openssl.cnf -section v3_usr [other
options]
All details are documented in the manual pages and the extension file
syntax is in openssl.txt
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]