Help with certificatePolicies section

Richard Simard

Hi!

Can anybody help me with this error?

Error Loading extension section server_cert
140091048477824:error:0E06D06C:configuration file routines:NCONF_get_string:no value:../crypto/conf/conf_lib.c:273:group=CA_default name=email_in_dn
140091048477824:error:0E06D06C:configuration file routines:NCONF_get_string:no value:../crypto/conf/conf_lib.c:273:group=CA_default name=rand_serial
140091048477824:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large:../crypto/asn1/a_object.c:73:
140091048477824:error:2208306E:X509 V3 routines:policy_section:invalid object identifier:../crypto/x509v3/v3_cpols.c:183:section:Cert_policy_server,name:policyIdentifier,value:GroupeSTIAssurance, GroupeSTIDevice
140091048477824:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:../crypto/x509v3/v3_conf.c:47:name=certificatePolicies, value=ia5org,1.3.6.1.4.1.51063,@Cert_policy_server

[ openssl_init ]
oid_section  = oids_section

[ server_cert ]
basicConstraints  = CA:FALSE
nsCertType  = server
subjectKeyIdentifier  = hash
authorityKeyIdentifier  = keyid, issuer:always
keyUsage  = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
certificatePolicies = ia5org, @Cert_policy_server
crlDistributionPoints = crl_section

[ Cert_policy_server ]
policyIdentifier  = GroupeSTIAssurance, GroupeSTIDevice
CPS.1  = http://cps.groupesti.com

[ crl_section ]
fullname  = URI:http://pki.groupesti.com/ca.crl
CRLissuer = dirName:issuer_section
reasons  = keyCompromise, CACompromise
authorityKeyIdentifier = keyid:always

[ oids_section ]
GroupeSTIAssurance  = 1.3.6.1.4.1.51063.0.1
GroupeSTIUser = 1.3.6.1.4.1.51063.0.1.0
GroupeSTIDevice = 1.3.6.1.4.1.51063.0.1.1


Re: Help with certificatePolicies section

Libor Chocholaty

Hi,

could you share commands that led to this error?

It looks to me like a non-existent section in the config file is being referenced, such as the parameter of the "-extensions" option.

Regards,
Libor


On 2020-04-06 19:43, Richard Simard wrote:

Hi!

Can anybody help me with this error?

RE: Help with certificatePolicies section

Richard Simard

Libor Chocholaty

openssl ca -config etc/intermediate.cnf -extensions server_cert -days 1825 -notext -md sha256 -in intermediate/csr/test.groupesti.com.csr -out intermediate/certs/test.groupesti.com.crt

Using configuration from etc/intermediate.cnf
Enter pass phrase for /CA/intermediate/private/intermediate.key: ************

Error Loading extension section server_cert
140542588306560:error:0E06D06C:configuration file routines:NCONF_get_string:no value:../crypto/conf/conf_lib.c:273:group=CA_default name=email_in_dn
140542588306560:error:0E06D06C:configuration file routines:NCONF_get_string:no value:../crypto/conf/conf_lib.c:273:group=CA_default name=rand_serial
140542588306560:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large:../crypto/asn1/a_object.c:73:
140542588306560:error:2208306E:X509 V3 routines:policy_section:invalid object identifier:../crypto/x509v3/v3_cpols.c:183:section:Cert_policy_server,name:policyIdentifier,value:GroupeSTIAssurance, GroupeSTIDevice
140542588306560:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:../crypto/x509v3/v3_conf.c:47:name=certificatePolicies, value=ia5org, @Cert_policy_server

Intermediate.cnf

[ openssl_init ]
oid_section                     = oids_section

[ ca ]
default_ca                      = CA_default

[ CA_default ]
dir                             = /CA/intermediate
certs                           = $dir/certs
crl_dir                         = $dir/crl
new_certs_dir                   = $dir/newcerts
database                        = $dir/index.txt
serial                          = $dir/serial
RANDFILE                        = $dir/private/.rand
private_key                     = $dir/private/intermediate.key
certificate                     = $dir/certs/intermediate.crt
crlnumber                       = $dir/crlnumber
crl                             = $dir/crl/intermediate.crl
crl_extensions                  = crl_ext
default_crl_days                = 30
default_md                      = sha256
name_opt                        = ca_default
cert_opt                        = ca_default
default_days                    = 375
preserve                        = no
policy                          = policy_loose

[ policy_strict ]
countryName                     = match
stateOrProvinceName             = match
organizationName                = match
organizationalUnitName          = optional
commonName                      = supplied
emailAddress                    = optional

[ policy_loose ]
countryName                     = optional
stateOrProvinceName             = optional
localityName                    = optional
organizationName                = optional
organizationalUnitName          = optional
commonName                      = supplied
emailAddress                    = optional

[ req ]
default_bits                    = 2048
distinguished_name              = req_distinguished_name
utf8                            = yes
string_mask                     = utf8only
name_opt                        = multiline, -esc_msb, utf8
default_md                      = sha256
x509_extensions                 = v3_ca

[ req_distinguished_name ]
countryName                     = "1. Nom du pays (2 lettres)          (Ex, CA)                  "
countryName_max                 = 2
countryName_default             = CA
stateOrProvinceName             = "2. Nom de l'État ou de la province  (Ex, Québec)              "
stateOrProvinceName_default     = Québec
localityName                    = "3. Nom de localité                  (Ex, Saguenay)            "
localityName_default            = Saguenay
organizationName                = "4. Nom de l'organisation            (Ex, Groupe Solutions TI) "
organizationName_default        = Groupe Solutions TI Inc.
organizationalUnitName          = "5. Nom de l'unité organisationnelle (Ex, Service web)         "
organizationalUnitName_default  =
commonName                      = "6. Nom de la personne               (Ex, Jean Tremblay)       "
commonName_max                  = 64
commonName_default              =
emailAddress                    = "7. Adresse courriel                 (Ex, [hidden email]      "
emailAddress_max                = 64
emailAddress_default            =

[ issuer_section ]
O                               = Groupe Solutions TI Inc.
CN                              = Groupe Solutions TI Inc. - Autorité TLS V3 Principal
C                               = CA
ST                              = Québec
L                               = Saguenay
streetAddress                   = 3-4109, Saint-Alexandre
postalCode                      = G8A 2H1
emailAddress                    = [hidden email]
telephoneNumber                 = +1 (418) 695-9007

[ v3_ca ]
subjectKeyIdentifier            = hash
authorityKeyIdentifier          = keyid:always,issuer
basicConstraints                = critical, CA:true
keyUsage                        = critical, digitalSignature, cRLSign, keyCertSign

[ v3_intermediate_ca ]
subjectKeyIdentifier            = hash
authorityKeyIdentifier          = keyid:always,issuer
basicConstraints                = critical, CA:true, pathlen:0
keyUsage                        = critical, digitalSignature, cRLSign, keyCertSign

[ usr_cert ]
basicConstraints                = CA:FALSE
nsCertType                      = client, email
subjectKeyIdentifier            = hash
authorityKeyIdentifier          = keyid,issuer
keyUsage                        = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage                = clientAuth, emailProtection
SMIME-CAPS                      = ASN1:SEQUENCE:smime_seq
crlDistributionPoints           = crl_section

[ Policy_usr_cert ]
policyIdentifier                = GroupeSTIAssurance, GroupeSTIUser
CPS                             = http://cps.groupesti.com

[ server_cert ]
basicConstraints                = CA:FALSE
nsCertType                      = server
subjectKeyIdentifier            = hash
authorityKeyIdentifier          = keyid, issuer:always
keyUsage                        = critical, digitalSignature, keyEncipherment
extendedKeyUsage                = serverAuth
certificatePolicies             = ia5org, @Cert_policy_server
crlDistributionPoints           = crl_section

[ Cert_policy_server ]
policyIdentifier                = GroupeSTIAssurance, GroupeSTIDevice
CPS.1                           = http://cps.groupesti.com

[ crl_ext ]
authorityKeyIdentifier          = keyid:always

[ crl_section ]
fullname                        = URI:http://pki.groupesti.com/ca.crl
CRLissuer                       = dirName:issuer_section
reasons                         = keyCompromise, CACompromise
authorityKeyIdentifier          = keyid:always

[ ocsp ]
basicConstraints                = CA:FALSE
subjectKeyIdentifier            = hash
authorityKeyIdentifier          = keyid, issuer
keyUsage                        = critical, digitalSignature
extendedKeyUsage                = critical, OCSPSigning

[ smime_seq ]
SMIMECapability.0               = SEQWRAP, OID:sha1
SMIMECapability.1               = SEQWRAP, OID:sha256
SMIMECapability.2               = SEQWRAP, OID:sha1WithRSA
SMIMECapability.3               = SEQWRAP, OID:aes-256-ecb
SMIMECapability.4               = SEQWRAP, OID:aes-256-cbc
SMIMECapability.5               = SEQWRAP, OID:aes-256-ofb
SMIMECapability.6               = SEQWRAP, OID:aes-128-ecb
SMIMECapability.7               = SEQWRAP, OID:aes-128-cbc
SMIMECapability.8               = SEQWRAP, OID:aes-128-ecb
SMIMECapability.9               = SEQUENCE:rsa_enc

[ oids_section ]
GroupeSTIAssurance              = 1.3.6.1.4.1.51063.0.1
GroupeSTIUser                   = 1.3.6.1.4.1.51063.0.1.0
GroupeSTIDevice                 = 1.3.6.1.4.1.51063.0.1.1
GroupeSTIAssuranceEV            = 1.3.6.1.4.1.51063.0.1.2

From: openssl-users <[hidden email]> On behalf of Libor Chocholaty
Sent: April 6, 2020 16:42
To: [hidden email]
Subject: Re: Help with certificatePolicies section

Hi,

could you share commands that led to this error?

It looks to me like a non-existent section in the config file is being referenced, such as the parameter of the "-extensions" option.

Regards,
Libor


Re: Help with certificatePolicies section

Dave Coombs

Hi,

I could be wrong, but I think the problem may be that [Cert_policy_server] has a policyIdentifier with two values.  Try something like:

[server_cert]
certificatePolicies = ia5org, @Cert_policy_server, @Cert_other_policy_server

[Cert_policy_server]
policyIdentifier = GroupeSTIAssurance
CPS.1 = http://cps.groupesti.com

[Cert_other_policy_server]
policyIdentifier = GroupeSTIDevice

Good luck,
  -Dave
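
The errors quoted in this thread show OpenSSL rejecting the policyIdentifier value "GroupeSTIAssurance, GroupeSTIDevice" as a single invalid object identifier. As an added example (not code from any poster or from OpenSSL), the Python below lints a config for that condition before a signing run; the function names are hypothetical and the parser is a simplified one that ignores $variable expansion and .include.

```python
import re

# Excerpt of the configuration posted in the thread (the failing form).
BROKEN = """
[ server_cert ]
certificatePolicies = ia5org, @Cert_policy_server
[ Cert_policy_server ]
policyIdentifier = GroupeSTIAssurance, GroupeSTIDevice
CPS.1 = http://cps.groupesti.com
[ oids_section ]
GroupeSTIAssurance = 1.3.6.1.4.1.51063.0.1
GroupeSTIDevice = 1.3.6.1.4.1.51063.0.1.1
"""

# The layout suggested in the reply: one OID per policy section.
FIXED = """
[ server_cert ]
certificatePolicies = ia5org, @Cert_policy_server, @Cert_other_policy_server
[ Cert_policy_server ]
policyIdentifier = GroupeSTIAssurance
CPS.1 = http://cps.groupesti.com
[ Cert_other_policy_server ]
policyIdentifier = GroupeSTIDevice
[ oids_section ]
GroupeSTIAssurance = 1.3.6.1.4.1.51063.0.1
GroupeSTIDevice = 1.3.6.1.4.1.51063.0.1.1
"""

DOTTED_OID = re.compile(r"^[0-2](\.\d+)+$")
FLAGS = {"critical", "ia5org"}  # non-OID tokens allowed in certificatePolicies

def parse_conf(text):
    """Simplified OpenSSL-style parser: {section: [(name, value), ...]}."""
    sections, current = {}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.match(r"^\[\s*(\w+)\s*\]$", line)
        if header:
            current = header.group(1)
        elif "=" in line:
            name, value = line.split("=", 1)
            sections.setdefault(current, []).append((name.strip(), value.strip()))
    return sections

def check_oid(value, known_names, where):
    """Return a problem string, or None if value is one resolvable OID."""
    if "," in value or " " in value:
        return f"{where}: '{value}' is not a single OID; use one policy section per OID"
    if not DOTTED_OID.match(value) and value not in known_names:
        return f"{where}: '{value}' is neither a dotted OID nor a name from the OID section"
    return None

def lint_policies(text, ext_section, oid_section="oids_section"):
    """Check every policy reachable from ext_section's certificatePolicies line."""
    conf = parse_conf(text)
    known = {name for name, _ in conf.get(oid_section, [])}
    problems = []
    for name, value in conf.get(ext_section, []):
        if name != "certificatePolicies":
            continue
        for item in (tok.strip() for tok in value.split(",")):
            if item in FLAGS:
                continue
            if not item.startswith("@"):
                problems.append(check_oid(item, known, ext_section))
                continue
            ids = [v for n, v in conf.get(item[1:], []) if n == "policyIdentifier"]
            if len(ids) != 1:
                problems.append(f"{item[1:]}: expected exactly one policyIdentifier, found {len(ids)}")
            else:
                problems.append(check_oid(ids[0], known, item[1:]))
    return [p for p in problems if p]
```

Call lint_policies with the section name passed to -extensions (server_cert in the thread); an empty list means every referenced policy section holds exactly one resolvable OID.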


> On Apr 7, 2020, at 11:57, Richard Simard <[hidden email]> wrote:
>
> Libor Chocholaty
>  
> openssl ca -config etc/intermediate.cnf -extensions server_cert -days 1825 -notext -md sha256 -in intermediate/csr/test.groupesti.com.csr -out intermediate/certs/test.groupesti.com.crt
>  
> Using configuration from etc/intermediate.cnf
> Enter pass phrase for /CA/intermediate/private/intermediate.key: ************
>  
> Error Loading extension section server_cert
> 140542588306560:error:0E06D06C:configuration file routines:NCONF_get_string:no value:../crypto/conf/conf_lib.c:273:group=CA_default name=email_in_dn
> 140542588306560:error:0E06D06C:configuration file routines:NCONF_get_string:no value:../crypto/conf/conf_lib.c:273:group=CA_default name=rand_serial
> 140542588306560:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large:../crypto/asn1/a_object.c:73:
> 140542588306560:error:2208306E:X509 V3 routines:policy_section:invalid object identifier:../crypto/x509v3/v3_cpols.c:183:section:Cert_policy_server,name:policyIdentifier,value:GroupeSTIAssurance, GroupeSTIDevice
> 140542588306560:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:../crypto/x509v3/v3_conf.c:47:name=certificatePolicies, value=ia5org, @Cert_policy_server