Andrea, You have to add the lines
x509_extensions = <name_of_section> and [<name_of_section>] to your config file. If you want to get an x.509v3 certificate without extensions, you can leave the section empty. Otherwise you can specify your extensions to be used here. Regards Thomas > -----Ursprüngliche Nachricht----- > Von: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Im Auftrag von Tassi Andrea > Gesendet: Montag, 14. November 2005 10:19 > An: openssl-users@openssl.org > Betreff: certificate version > > Hi all, > > someone could help me? > > I'm using openssl to generate certificates. > My steps are: > > 1) I generate a self signed certificate that I use as a CA > > commands: > a)genrsa -out cakey.pem 1024 > b)req -new -nodes -x509 -key cakey.pem -out ca.pem -days 1095 > > This certificate is V3. > > > > 2)I genarate the user certificate by the commands: > > a)genrsa -out ckey.pem 1024 > b)req -new -nodes -key ckey.pem -out rccert.pem -sha1 -verify > c)x509 -req -in rccert.pem -CA ca.pem -CAkey cakey.pem -out ccert.pem > > The result is a V1 certificate. > > The question is this: > is it possible to generate a V3 user certificate? > > I'm using OpenSSL_0.9.7e for Windows. > > I looked for this problem on documentation but I was not able > to find answers, so I would appreciate your help > > > Thanks&&Regards > Andrea > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
