Help needed regarding x.509 keys for MQTT/Mosquitto

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Help needed regarding x.509 keys for MQTT/Mosquitto

Walter Trojan
Hello,

I try to generate x.509-keys for TLS/SSL operation with MQTT and Mosquitto and follow the Mosquitto TLS documentation:

Generate a certificate authority certificate and key.
    openssl req -new -x509 -days 365 -extensions v3_ca -keyout ca.key -out ca.crt

Generate a server key.
    openssl genrsa -des3 -out server.key 1024

Generate a certificate signing request to send to the CA.
    openssl req -out server.csr -key server.key -new

Send the CSR to the CA, or sign it with your CA key:
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365

The first two operations went well, but during the third, the signing request to the CA, I got the following error message:

OpenSSL> req -out server.csr -key server.key -new
problem creating object tsa_policy1=1.2.3.4.1
5596:error:08064066:object identifier routines:OBJ_create:oid exists:crypto\objects\obj_dat.
c:689:
error in req
OpenSSL>

I have installed Win32OpenSSL 1.1.0, the big package.

It would be great, if somebody could give me a hint in order to solve this problem.

Many thanks in advance and best regards
Walter

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Help needed regarding x.509 keys for MQTT/Mosquitto

namelessxxv
This post has NOT been accepted by the mailing list yet.
This post was updated on .

This method works for me:

1. Use some editor (e.g. Notepad / Notepad++) to open the file openssl.cfg in the same location of the openssl.exe binary file.
2. Press Ctrl+F and search for new_oids
3. Comment(put a # in front of it)the line "tsa_policy1 = 1.2.3.4.1"
4. Save it and there should be no problem.

NamelessXXV

Loading...