Erik Leunissen wrote:
I'm trying to set up a CA, following the guidelines in:

"Network security with OpenSSL", and checking with the latest documentation that comes with 0.9.8e.

I've managed to:
- generate a root CA certificate and corresponding private key
- generate a certificate request

The problem arises when processing the certificate request:

> openssl ca -config ../ca.conf -in certreq.pem
Using configuration from ../ca.conf
Enter pass phrase for /opt/My_CA/private/cakey.pem:
Invalid name options: "My_CA"


The name "My_CA" comes from a custom configuration file ca.conf. I've extracted parts from that file that use "My_CA" (see below).

Can anybody say what's wrong? Please say so if you need further/other information.

Thanks in advance,

Erik Leunissen
==============

From the custom configuration file ca.conf:


####################################################################
[ ca ]
default_ca    = My_CA        # The default ca section

####################################################################

< snipped some details here>


####################################################################
[ My_CA ]

<Configuration for My_CA follows ...>


== End of message ==
From a (quick) look at the code in ca.c and apps.c it seems to me that the error has nothing to do with the quoted sections of your configfile. This error occurs if the option "name_opt" in your configfile has an invalid value. From apps.c the valid values (for 0.9.8d at least) are:

   static const NAME_EX_TBL ex_tbl[] = {
       { "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
       { "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
       { "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
       { "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
       { "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
       { "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
       { "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
       { "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
       { "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
       { "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
       { "compat", XN_FLAG_COMPAT, 0xffffffffL},
       { "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
       { "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
       { "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
       { "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
       { "dn_rev", XN_FLAG_DN_REV, 0},
       { "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
       { "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
       { "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
       { "align", XN_FLAG_FN_ALIGN, 0},
       { "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
       { "space_eq", XN_FLAG_SPC_EQ, 0},
       { "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
       { "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
       { "oneline", XN_FLAG_ONELINE, 0xffffffffL},
       { "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
       { "ca_default", XN_FLAG_MULTILINE, 0xffffffffL},

The default configfile probably contains "ca_default" there, have you replaced this with "My_CA"? From what I read in http://www.openssl.org/docs/apps/ca.html the value should remain "ca_default" in your configfile unless you have a better idea...

Hope it helps,
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26
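
The check described in the reply above, as an added example that is not part of the original messages or of OpenSSL: it looks up the section named by default_ca and reports any name_opt token that is not in the quoted ex_tbl list. The sample configs are constructed, and treating the value as a comma-separated, case-insensitive list with an optional +/- prefix is an assumption of this sketch.

```python
import re

# Option names copied from the ex_tbl excerpt quoted in the reply above.
VALID_NAME_OPTS = {n.lower() for n in """
esc_2253 esc_ctrl esc_msb use_quote utf8 ignore_type show_type dump_all
dump_nostr dump_der compat sep_comma_plus sep_comma_plus_space
sep_semi_plus_space sep_multiline dn_rev nofname sname lname align oid
space_eq dump_unknown RFC2253 oneline multiline ca_default""".split()}

def parse_conf(text):
    """Minimal OpenSSL-style parser: [ section ] headers, key = value, # comments."""
    sections, current = {}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections.setdefault(current, {})[key.strip()] = value.strip()
    return sections

def bad_name_opts(conf_text):
    """Return the name_opt tokens of the default CA section that are not in the table."""
    conf = parse_conf(conf_text)
    ca_section = conf.get("ca", {}).get("default_ca")
    value = conf.get(ca_section, {}).get("name_opt", "")
    # Assumption: comma-separated list, optional +/- prefix, case-insensitive match.
    tokens = [t.strip() for t in value.split(",") if t.strip()]
    return [t for t in tokens if t.lstrip("+-").lower() not in VALID_NAME_OPTS]

# Constructed sample configs (not Erik's real ca.conf, which the thread only excerpts).
BROKEN = """
[ ca ]
default_ca = My_CA        # The default ca section
[ My_CA ]
name_opt = My_CA
"""
FIXED = BROKEN.replace("name_opt = My_CA", "name_opt = ca_default")

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, "->", bad_name_opts(text) or "name_opt OK")
```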
