Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (83)
EC Keys (2389)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (6528)
Revoked Certificates (16)
Root CA (85)
RSA Keys (5269)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL [ca] Section in Configuration File
How to provide OpenSSL "ca" command options in the configuration file? I see examples of using the [ca] section.
✍: FYIcenter.com
Yes, you can use the [ca] section to help providing OpenSSL "ca" command options in the configuration file. But there are 4 ways to provide "ca" command options:
1. Using unnamed section - You can put all "ca" command options in the unnamed section of the configuration file. You need to set "default_ca=empty" and keep [empty] empty. For example:
# Unnamed section of generic options ... # "ca" command options default_ca = empty default_md = md5 serial = ./my_ca/certs.seq new_certs_dir = ./my_ca/certs database = ./my_ca/certs.db ... # empty section [empty]
2. Using named default section - You can put all "ca" command options in a named section, like "[my_ca_default]", in the configuration file. Then you can set "default_ca=my_ca_default" in the unnamed section. For example:
# Unnamed section of generic options ... default_ca = my_ca_default # default section for "ca" command options [my_ca_default] default_md = md5 serial = ./my_ca/certs.seq new_certs_dir = ./my_ca/certs database = ./my_ca/certs.db ...
3. Using named default section and [ca] section - You can put all "ca" command options in a named section, like "[my_ca_default]", in the configuration file. Then you can set "default_ca=my_ca_default" in the [ca] section. For example:
# Unnamed section of generic options ... # section for the "default_ca" option [ca] default_ca = my_ca_default # default section for "ca" command options [my_ca_default] default_md = md5 serial = ./my_ca/certs.seq new_certs_dir = ./my_ca/certs database = ./my_ca/certs.db ...
4. Using named section used by the command line - You can put all "ca" command options in a named section, like "[my_ca_internal]", in the configuration file. Then you use "ca -name=my_ca_internal" command line to access them. For example:
# Unnamed section of generic options ... # section for the "default_ca" option [ca] default_ca = my_ca_default # default section for "ca" command options [my_ca_default] # section for "ca" command options for internal certificates [my_ca_internal] default_md = md5 serial = ./my_ca_internal/certs.seq new_certs_dir = ./my_ca_internal/certs database = ./my_ca_internal/certs.db ...
⇒ OpenSSL "ca" Error "lookup failed for ca::default_ca"
2016-09-09, 2588👍, 0💬
Popular Posts:
Certificate Summary: Subject: kube-apiserver-lb-signer Issuer: kube-apiserver-lb-signer Expiration: ...
Certificate Summary: Subject: ACCVRAIZ1 Issuer: ACCVRAIZ1 Expiration: 2030-12-31 09:37:37 UTC Key Id...
Certificate Summary: Subject: America Online Root Certification Authority 2 Issuer: America Online R...
Certificate Summary: Subject: USERTrust ECC Certification Authority Issuer: AddTrust External CA Roo...
Certificate summary - Owner: *.stackexchange.com, "Stack Exchange, Inc.", L=New York, ST=NY, US Issu...