On Thu, Feb 14, 2013 at 11:55:59AM -0800, Matthew Hall wrote: > I used this configuration file: > > [req] > default_bits = 4096 > prompt = no > encrypt_key = no > default_md = sha256 > distinguished_name = dn > req_extensions = san > > [dn] > [san] > subjectAltName = DNS:example.com > subjectAltName = email:username > > I don't get the working CSR, I only get this different error, now: > > error, no objects specified in config file > problems making Certificate Request
Hello, I finally found the root cause. The cause is the "prompt = no" setting. When the same file is used with "prompt = no" commented out, the request succeeds. Using a locally compiled copy of the latest version of OpenSSL did not seem to change the behavior. Should this be considered a bug in how "prompt = no" and the new PKIX RFC interoperate with one another? Should I file it? Matthew. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org