Re: 2K3 Cert Svcs gives invalid policy error on OpenSSL gen'd cert req



On Jun 6, 1:01 am, Martin Rublik <martin.rub...@xxxxxxxxxx> wrote:
Hi, I suppose that this is your problem:

According to certutil -dump request.txt, this is what shows up:

<snip>

The trouble is "Unknown Extension Type".

The Enhanced Key Usage should be a sequence of OIDs rather than a string.

Key Usage is specified as a bit string. Each bit represents a different key usage.

Yes, you are absolutely correct. I realized that we were building the
certificate request in OpenSSL incorrectly, and it was causing the
output to be incorrect. By referencing the Apple Darwin OpenSSL
documentation and the O'Reilly book "Network Security with
OpenSSL" (chapters 3 and 10) we got all the flag names we needed and
built the extensions properly on the request.
