1

i'm running some scripts to generate some certificates and one of the lines is using openssl and it has the parameter "-extension ssl_server" yet when I run it it gives an error trying to load that extension.

I've googled it, looked through for similar issues on here and for the life of me can't figure out why there is an issue.

the command is:

openssl x509 -req -days 365 -in server.csr -CA cacert.crt -CAkey cakey.key -CAcreateserial -out server.crt -extfile ./server.cnf -extensions ssl_server

and the error:

Error Loading extension section ssl_server

Am running this on an Ubuntu VM in Azure, fresh from the box with no extra config.

jww
  • 97,681
  • 90
  • 411
  • 885
Eva No Gainen
  • 65
  • 1
  • 6
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Web Applications Stack Exchange](http://webapps.stackexchange.com/) would be a better place to ask. Also see [Where do I post questions about Dev Ops?](http://meta.stackexchange.com/q/134306). – jww Jul 27 '16 at 22:01
  • 1
    OpenSSL's standard [configuration file](http://stackoverflow.com/q/21477210/) does not an `ssl_server` section. It sounds like something added/distributed by someone else. Also see [Correct location of openssl.cnf file](http://stackoverflow.com/q/21477210/). – jww Jul 28 '16 at 01:46

1 Answers1

6

run openssl version -a and check the directory value indicated by OPENSSLDIR key. Navigate to the same directory and change the settings in the openssl.cnf, then the extensions will be picked up correctly

yolob 21
  • 385
  • 4
  • 19