Re: 2K3 Cert Svcs gives invalid policy error on OpenSSL gen'd cert req
- From: matt.kerr@xxxxxxxxx
- Date: Fri, 15 Jun 2007 23:06:35 -0000
On Jun 6, 1:01 am, Martin Rublik <martin.rub...@xxxxxxxxxx> wrote:
Hi I suppose that this is your problem:
according to certutil -dump request.txt this is what shows up
<snip>
The trouble is "Unknown Extension Type".
The Enhanced Key Usage should be a sequence of OID rather than a string.
Key Usage is specified as a bit string. Each bit represents different key usage.
Yes, you are absolutely correct. I realized that we were building the
certificate request in OpenSSL incorrectly, and it was causing the
output to be incorrect. By referencing the Apple Darwin OpenSSL
documentation and the O'Reilly book "Network Security with
OpenSSL" (chapter 3 and 10) we got all the flag names we needed and
built the extensions properly on the request.
.
- References:
- 2K3 Cert Svcs gives invalid policy error on OpenSSL gen'd cert req
- From: matt . kerr
- Re: 2K3 Cert Svcs gives invalid policy error on OpenSSL gen'd cert req
- From: Martin Rublik
- Re: 2K3 Cert Svcs gives invalid policy error on OpenSSL gen'd cert req
- From: matt . kerr
- Re: 2K3 Cert Svcs gives invalid policy error on OpenSSL gen'd cert req
- From: Martin Rublik
- 2K3 Cert Svcs gives invalid policy error on OpenSSL gen'd cert req
- Prev by Date: Re: Radius server in a DMZ, how to authenticate AD users ?
- Next by Date: Enable the created certificate Template
- Previous by thread: Re: 2K3 Cert Svcs gives invalid policy error on OpenSSL gen'd cert req
- Next by thread: Windows Server 2003 Security Guide for SP2?
- Index(es):
Relevant Pages
|
