Hi,
if I run your command on buster the certificate generated has neither a
CA:true nor a key id section so this is likely the problem.
Oliver
On 18.07.22 17:14, Zimmermann Thomas via OpenXPKI-users wrote:
echo "[req]
distinguished_name = req_distinguished_name
req_extensions = v3_ca
prompt = no
[req_distinguished_name]
C = DE
ST = FOO
L = Bar
O = foobar
OU = Test
CN = CA
[v3_ca]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = critical,CA:true" > /tmp/ca-req.conf
openssl genrsa -out /root/ca-key.pem
openssl req -x509 -new -nodes -key /root/ca-key.pem -days 7300 -out
/root/ca-root.pem -sha512 -config /tmp/ca-req.conf
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
