Openssl Error Loading Extension Section Server
Contents |
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about openssl error loading request extension section v3_req Stack Overflow the company Business Learn more about hiring developers or posting ads with us
Error Loading Extension Section V3_ca
Super User Questions Tags Users Badges Unanswered Ask Question _ Super User is a question and answer site for computer enthusiasts
Error Loading Extension Section Usr_cert
and power users. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top OpenSSL
Do_ext_nconf:unknown Extension Name
Error: Error loading extension section server up vote 0 down vote favorite The system is Fedora fc21. The objective is to run the examples shown here: “APACHE web server and SSL authentication” The openssl.cnf file has been created and the following command run: openssl x509 -req -in server.req -CA ca.cer -CAkey ca.key -set_serial 100 -extfile openssl.cnf -extensions server -days 365 -outform PEM -out server.cer The result is: Error Loading extension section group=ca_default name=email_in_dn server 140131294459760:error:22097069:X509 V3 routines:DO_EXT_NCONF:invalid extension string:v3_conf.c:139:name=crlDistributionPoints,section=@crl 140131294459760:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:93:name=crlDistributionPoints, value=@crl Similar errors occur with the examples with -extension client and -extension certauth commands. What is the cause of this error, how can it be remediated? certificate linux openssl share|improve this question edited Apr 4 '15 at 0:31 JakeGould 21k55978 asked Apr 3 '15 at 3:53 dan sawyer migrated from security.stackexchange.com Apr 3 '15 at 12:23 This question came from our site for information security professionals. the error says there is a problem in the crlDistributionPoints portion of the config file –schroeder Apr 3 '15 at 4:26 add a comment| 1 Answer 1 active oldest votes up vote 0 down vote This appears to be a known bug. There is a resolution posted, copied here for simplicity. In the file "pkitool" replace all occurrences of: KEY_ALTNAMES="$KEY_CN" with: KEY_ALTNAMES="DNS:${KEY_CN}" This solution worked for me. share|improve this answer answered Oct 3 '15 at 19:32 Christopher 1212 add a comment| Your Answer draft saved draft discarded Sign up or log in Sign up using Google Sign up using Facebook Sign up using Email and Password Post as a guest Name Email Post as a guest Name Email discard By posting your answer, you agree to the privacy policy and terms of servic
Importance Assigned to Milestone easy-rsa (Ubuntu) Edit Triaged Medium Unassigned Edit You need to log in to change nconf_get_string:no value:conf_lib.c:335:group=ca_default name=email_in_dn this bug's status. Affecting: easy-rsa (Ubuntu) Filed here by: Mark error loading extension section server_cert Prosser When: 2014-07-22 Confirmed: 2015-09-10 Target Distribution Baltix BOSS Juju Charms Collection Elbuntu Guadalinex Guadalinex Edu group= name=unique_subject Kiwi Linux nUbuntu PLD Linux Tilix tuXlab Ubuntu Ubuntu Linaro Evaluation Build Ubuntu RTM Package (Find…) Project (Find…) Status Importance Triaged Medium Assigned to Nobody Me http://superuser.com/questions/897437/openssl-error-error-loading-extension-section-server Comment on this change (optional) Email me about changes to this bug report Also affects project (?) Also affects distribution/package Nominate for series Bug Description This is my first bug report with Ubuntu, so apologies if I'm going about this the wrong way. I'm running Ubuntu 14.04 LTS (Release 14.04), and am https://bugs.launchpad.net/bugs/1346776 trying to create a server certificate using easy-rsa version 2.2.2-1. The commands I used to create the certificate were: sudo apt-get install easy-rsa cp -r /usr/share/easy-rsa ~ cd ~/easy-rsa vim ./vars (edit KEY_* defaults) source ./vars ./clean-all ./build-dh ./pkitool --initca ./pkitool --server
section server From: Marco Fretz
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring developers or posting ads with us Unix & Linux Questions Tags Users Badges Unanswered Ask Question _ Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un*x-like operating systems. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top Create X509 certificate with v3 extensions using command line tools up vote 0 down vote favorite 1 I am using the following configuration file named root.conf: [req] default_bits = 2048 default_md = sha256 distinguished_name = req_dn prompt = no encrypt_key = no [req_dn] CN = 07dda2b49637f71b6cebe87a6954e159313b4372 [x509v3_extensions] basicConstraints = critical,CA:true subjectKeyIdentifier = hash keyUsage = critical,keyCertSign,cRLSign subjectInfoAccess = @sia certificatePolicies = critical,1.3.6.1.5.5.7.14.2 sbgp-autonomousSysNum = critical,@rfc3779_asns sbgp-ipAddrBlock = critical,@rfc3997_addrs [sia] 1.3.6.1.5.5.7.48.5;URI = rsync://example.org/rpki/root/ 1.3.6.1.5.5.7.48.10;URI = rsync://example.org/rpki/root/root.mft [rfc3779_asns] AS.0 = 64496-64511 AS.1 = 65536-65551 [rfc3997_addrs] IPv4.0 = 192.0.2.0/24 IPv4.1 = 198.51.100.0/24 IPv4.2 = 203.0.113.0/24 IPv6.0 = 2001:0DB8::/32 And I am using this command to create the certificate: #!/bin/sh - # Generate the root key if it doesn't already exist. test -f root.key || openssl genrsa -out root.key 2048 # Generate the root certificate. openssl req \ -new \ -x509 \ -config root.conf \ -key root.key \ -out root.cer \ -outform DER \ -days 1825 \ -set_serial 1 \ -extensions x509v3_extensions But I get the following error if I run it using the above config file: Error Loading extension section x509v3_extensions 139978043373216:error:22097081:X509 V3 routines:DO_EXT_NCONF:unknown extension:v3_conf.c:129: 139978043373216:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:93:name=sbgp-autonomousSysNum, value=@rfc3779_asns The above set of code is directly taken