Hello, I have the .cnf-File as attached and call openssl with following parameters:
d:\iwadis\openssl\openssl.exe ca -gencrl -out crl.pem -config d:/iwadis/Zertifikate/config.cnf d:\iwadis\openssl\openssl.exe ca -in Host_001_14.csr -out Host_001_14.pem -extensions 509v3 -batch -policy policy_any -config d:/iwadis/Zertifikate/config.cnf d:\iwadis\openssl\openssl.exe crl2pkcs7 -certfile Host_001_14.pem -in crl.pem -out Host_001_14.p7b The problem ist that although "default_bits" is set to 2048 the key-length of the public key is always 1024. How could I increase the key-length? Why does my cnf-File not work? Or is the key-length determined from the program which egenrates the request (in my case MS XEnroll ActiveX-Control)? Thanks Stefan Westner # # OpenSSL config file fuer die Client-Zertifikate der Stadt Fellbach # HOME = d:/iwadis/Zertifikate RANDFILE = d:/iwadis/Zertifikate/rnd.bin extensions = 509v3 prompt = no [ req ] default_bits = 2048 x509_extensions = v3_ca [ ca ] default_ca = CA_default [ CA_default ] database = d:/iwadis/Zertifikate/NewCerts/index.txt new_certs_dir = d:/iwadis/Zertifikate/NewCerts certificate = d:/iwadis/Zertifikate/ca.crt serial = d:/iwadis/Zertifikate/.srl private_key = d:/iwadis/Zertifikate/ca.key RANDFILE = d:/iwadis/Zertifikate/rnd.bin default_days = 3650 default_crl_days = 30 default_md = md5 policy = policy_any [ policy_any ] countryName = supplied stateOrProvinceName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional [ v3_ca ] basicConstraints = CA:false subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always [ 509v3 ] basicConstraints = critical,CA:false #subjectKeyIdentifier = hash #authorityKeyIdentifier = keyid:always,issuer:always keyUsage = keyEncipherment, dataEncipherment, keyAgreement, digitalSignature #Extended Key Usage = TLS Web Client Authentication subjectAltName = email:copy issuerAltName = issuer:copy nsBaseUrl = https://www.fellbach.de/ nsRevocationUrl = iwadis/shared/Zertifizierung/cert.asp?action=certrevocation&SN= nsCaRevocationUrl = iwadis/shared/Zertifizierung/cert.asp?action=certcarevocation&SN= nsRenewalUrl = iwadis/shared/Zertifizierung/cert.asp?action=certrenewal&SN= nsCaPolicyUrl = iwadis/shared/Zertifizierung/index.html nsComment = "Client-Zertifikat" nsCertType = client, email #nsSslServerName = # Ende Stefan Westner i-kom GmbH Kronacher Stra�e 41 96052 Bamberg Tel: 0951.96692 - 10 Fax: 0951.96692 - 19 eMail: [EMAIL PROTECTED] WWW: www.i-kom.de ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
