[Bug 50333] Re: Default configuration file prevents the creation of a valid Certificate Authority
Adrien Nader
50333 at bugs.launchpad.net
Thu Jun 15 07:18:11 UTC 2023
** Changed in: openssl (Ubuntu)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/50333
Title:
Default configuration file prevents the creation of a valid
Certificate Authority
Status in openssl package in Ubuntu:
Won't Fix
Bug description:
When using the default configuration file and the script
/usr/lib/ssl/misc/CA.[sh|pl] -newca is run, the certificate authority
created by the script is not authorized to issue certificates.
An error is issued by Windows' clients after the certificate is
imported:
"This Certificate is not valid because one of the certification
authorities in the certification path does not appear to be allowed to
issue certificates or this certificate cannot be used as an end-entity
certificate."
To correct the problem, one line needs to be modified in the [
CA_default ] section of /etc/ssl/openssl.cnf:
Change this:
x509_extensions = usr_crt
To this:
x509_extensions = v3_ca
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/50333/+subscriptions
More information about the foundations-bugs
mailing list