Is there any difference between openssl 0.9.7d and
openssl 0.9.7g? The said http used 0.9.7d but mine
is 0.9.7g.

clarence

--- man Chan <[EMAIL PROTECTED]> wrote:

> hello,
> 
> For the past week, I have been trying to get information to
> set up a secure way for my obsd(3.8)AP <---> XP.  I
> found the following document:
> 
> http://www50.brinkster.com/dachee/OpenVPN.htm
> 
> Has anyone tried this out successfully? I was
> stopped at the OpenSSL CA & Certificates.  The error
> is like this
> 
> ===========================================================
> openssl req -new -x509 -keyout private/CA_key.pem -out CA_cert.pem -days 9125
> Error Loading extension section CA_extensions
> 12446:error:2207C082:X509 V3 routines:DO_EXT_CONF:unknown extension name:/usr/src/lib/libssl/src/crypto/x509v3/v3_conf.c:123:
> 12446:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in extension:/usr/src/lib/libssl/src/crypto/x509v3/v3_conf.c:92:name=default_days, value=9125
> ============================================================
> 
> The openssl.cnf is 
> 
> -----------------------------------------------
> 
> [ ca ]
> # Default directives for ca command
> 
> default_ca        =CA_default
> # reference to a new section name
> 
> [ CA_default ]
> 
> # Default directives for the ca command
> # referred from [ ca ] section
>  
> dir               =/etc/ssl
> # openssl working directory
> 
> crl_dir           =$dir/crl
> # directory for certificate revoke file
> 
> database          =$dir/index.txt
> # index file for every issued certificate
> 
> new_certs_dir     =$dir/certs
> # where copies of each certificate is stored.
> # each copy is identified as nn.pem
> # nn corresponds with the index number in index.txt
>  
> certificate       =$dir/CA_cert.pem
> # Name of the Certificate Authority's Certificate
> # File is used in signing or revoking a certificate
> 
> serial            =$dir/serial
> # The serial number to use for the next certificate
> # Same as 'serialfile' option and serials text.
> 
> crl               =$dir/crl/crl.pem
> # File that contains the list of revoked certificates.
>  
> private_key       =$dir/private/CA_key.pem
> # Private key of the Certificate Authority
> 
> RANDFILE          =$dir/private/.rand
> # Private random number file
> 
> default_days      =9125
> # Days a signed cert is valid
> 
> default_crl_days  =30
> # Days before the next certificate revocation list
> 
> default_md        =md5
> # Message digest algorithm - md5, sha1 or mdc2
> 
> 
> unique_subject    =yes
> # All certificates must have a unique, distinguished name
> 
> 
> policy            =policy_any
> # Reference section for policy enforced when signing a request
>  
> x509_extensions   =user_extensions
> # reference section when ca command signs certificate
> 
> [ policy_any ]
> # Default directives while signing a request
> # Referenced from [ CA_default ] section
> 
> 
> organizationName        =match
> # organizationName must match CA_cert
> 
> organizationalUnitName  =optional
> # certificate does not have to have organizationalUnitName
> 
> commonName              =supplied
> 
> # certificate must have commonName but is supplied by user
> 
> [ req ]
> # Default directives for the req command
> # (Public Key is contained in the certificate request)
> 
> default_bits            =2048
> 
> default_keyfile         =privkey.pem
> # default key file location but -keyout command overrides
> 
> 
> distinguished_name      =req_distinguished_name
> # Reference section for assembling the distinguished name
> 
> x509_extensions         =CA_extensions
> # Reference section when req & -x509 commands are invoked
> 
> [ req_distinguished_name ]
> # Default directives for the req command
> # referenced from [ req ] section
> # Presents user prompts to assemble the distinguished name
> 
> organizationName        =Organization Name (must match CA)
> 
> organizationName_default=ORGNAME
> # REPLACE VALUE AS PROMPT DEFAULT FOR YOUR ORG
>  
> organizationalUnitName  =Location Name
> 
> commonName              =Common User or Org Name
> 
> # These two values above can be changed but not required.
> # their values will appear as prompts when creating certs/keys.
> # Max characters in common name.
> 
> commonName_max          =64
> 
> [ user_extensions ]
> # default directives when ca command signs a certificate
> # referenced from [ CA_default ]
>  
> basicConstraints        =CA:FALSE
> # The certificate is not allowed to sign other objects
> 
> [ CA_extensions ]
> # default directives for req & -x509 command
> # referenced from [ req ] section
> # added extensions when request creates self signed certificate
> 
> basicConstraints        =CA:TRUE
> # Certificate is allowed to sign other new certificates.
> 
> default_days      =9125
> # Days a self sign cert is valid.  If not used, the default
> # of 30 days may be applied and VPN clients will not be able
> # to connect after it expires.
> 
> 
> [ server ]
> # Optional directives for ca & -extensions server commands
> # Overrides [ user_extensions ] section normally referenced
> # by the ca command alone.
> basicConstraints        =CA:FALSE
>  
> nsCertType              =server
> # signing a server certificate requires this extension
> 
=== message truncated ===
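
The error above names `default_days` inside `[ CA_extensions ]`: `openssl req -x509` reads every key in the section referenced by `x509_extensions` as an X509v3 extension name, while `default_days` is a directive of the `ca` command's `[ CA_default ]` section. The following Python check is an added example, not part of the thread; the extension list is a partial, assumed set and the names `KNOWN_EXTENSIONS`, `parse_cnf` and `misplaced_directives` are hypothetical.

```python
import re

# Partial list of X509v3 extension names OpenSSL accepts in an extension
# section (assumption: extend it for any others your config uses).
KNOWN_EXTENSIONS = {
    "basicConstraints", "keyUsage", "extendedKeyUsage", "subjectKeyIdentifier",
    "authorityKeyIdentifier", "subjectAltName", "issuerAltName",
    "authorityInfoAccess", "crlDistributionPoints", "certificatePolicies",
    "nameConstraints", "nsCertType", "nsComment",
}
# Directives whose value names an extension section.
EXT_POINTERS = {"x509_extensions", "req_extensions", "crl_extensions"}

def parse_cnf(text):
    """Return {section: [(key, value), ...]} for an openssl.cnf-style file."""
    sections, current = {}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        m = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            sections.setdefault(current, []).append((key, value))
    return sections

def misplaced_directives(text):
    """List (section, key) pairs where a non-extension key sits in an extension section."""
    sections = parse_cnf(text)
    ext_sections = {v for items in sections.values()
                    for k, v in items if k in EXT_POINTERS}
    return [(s, k) for s in sorted(ext_sections)
            for k, _ in sections.get(s, []) if k not in KNOWN_EXTENSIONS]

# Constructed sample: the relevant parts of the quoted openssl.cnf.
SAMPLE = """
[ CA_default ]
default_days      =9125
x509_extensions   =user_extensions
[ req ]
x509_extensions         =CA_extensions
[ user_extensions ]
basicConstraints        =CA:FALSE
[ CA_extensions ]
basicConstraints        =CA:TRUE
default_days      =9125
"""

if __name__ == "__main__":
    for section, key in misplaced_directives(SAMPLE):
        print(f"[{section}] {key}: not an X509v3 extension name")
```

Sections selected only on the command line with `-extensions`, such as `[ server ]`, are not followed by this check.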

