
I'm using Bouncy Castle to generate timestamps. I originally created the certificate using

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out cert.crt

but got the error "Certificate must have an ExtendedKeyUsage extension."

So, following the instructions here and adding a config file, I got the error "unable to find 'distinguished_name' in config - problems making Certificate Request".

I tried the instructions here, but then got the error "Error Loading extension section req".

The simplest config I've used is this, but I've also tried others which include the organization, such as a modified version of this one, but with no luck.

[req]
distinguished_name = req_distinguished_name

The commands I've tried:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out cert.crt -config config.cnf

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out cert.crt -extensions req

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out cert.crt -config config.cnf -extensions req

Some posts reference an -ext-file switch, but this is not available.

user8897013
  • Does this answer help? https://stackoverflow.com/questions/43929436/subject-alternative-name-missing-err-ssl-version-or-cipher-mismatch/44058453#44058453 – Oleg Dec 06 '18 at 08:09
  • Agree with Oleg. A distinguished name is specified in X500 and should consist of multiple components. If a string is directly accepted then it should be in the form "CN = (etc)" rather than just "req_distinguished_name". – Maarten Bodewes Dec 06 '18 at 19:17
  • Thanks to you both for taking a minute to read my question. I've looked at the linked suggestion but I'm still missing something. I'm using the simplest certificate possible and the suggestion has a lot of pieces I don't understand. Would prefer to get this working with as few variables as possible. Other than the sample config you supply, to be honest, I would not have thought these questions even related. 1. Why do the ones I link to not have additional stuff, 2. are the fields in [] (ex. [req]) predefined or am I making them whatever I want and referencing them with the extensions switch? – user8897013 Dec 07 '18 at 19:03

0 Answers
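An added example, not part of the original thread: a minimal config and command that produce a self-signed certificate whose ExtendedKeyUsage is critical and contains only timeStamping, which is what RFC 3161 requires of a timestamp signer's certificate. The file name tsa.cnf, the section name v3_tsa and the subject "Example TSA" are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Names such as tsa.cnf, v3_tsa and
# "Example TSA" are placeholders.

# Write a minimal config into directory $1 and create key + certificate there.
make_tsa_cert() {
    dir=$1
    cat > "$dir/tsa.cnf" <<'EOF'
# [req] is the section the "openssl req" command reads. The other section
# names are arbitrary: they only have to match the values that point at them.
[req]
distinguished_name = req_distinguished_name
x509_extensions    = v3_tsa
prompt             = no

# Subject of the certificate; with prompt = no the values are taken as-is.
[req_distinguished_name]
CN = Example TSA

# Extensions added to the self-signed certificate (used with -x509).
# RFC 3161: the EKU must be critical and hold only id-kp-timeStamping.
[v3_tsa]
extendedKeyUsage = critical, timeStamping
EOF
    # No sudo needed: everything is written to a directory the caller owns.
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -config "$dir/tsa.cnf" \
        -keyout "$dir/private.key" -out "$dir/cert.crt"
}

# Print the Extended Key Usage header line and its value for certificate $1.
eku_of() {
    openssl x509 -in "$1" -noout -text | grep -A1 'X509v3 Extended Key Usage'
}

# Stand-alone run: generate into a scratch directory and show the extension.
workdir=$(mktemp -d)
make_tsa_cert "$workdir" && eku_of "$workdir/cert.crt"
rm -rf "$workdir"
```

Passing -extensions v3_tsa on the command line instead of setting x509_extensions selects the same section; the section must exist in the file given to -config.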