OpenSSL Error: Error loading extension section server

Posted on

Problem :

The system is Fedora fc21. The objective is to run the examples shown here: “APACHE web server and SSL authentication”

The openssl.cnf file has been created and the following command run:

openssl x509 -req -in server.req -CA ca.cer -CAkey ca.key  -set_serial 100 -extfile openssl.cnf -extensions server -days 365 -outform PEM -out server.cer

The result is:

Error Loading extension section server
140131294459760:error:22097069:X509 V3 routines:DO_EXT_NCONF:invalid extension string:v3_conf.c:139:name=crlDistributionPoints,section=@crl
140131294459760:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:93:name=crlDistributionPoints, value=@crl

Similar errors occur with the examples with -extension client and -extension certauth commands.

What is the cause of this error, how can it be remediated?

Solution :

This appears to be a known bug. There is a resolution posted, copied here for simplicity. In the file “pkitool” replace all occurrences of:




This solution worked for me.

Leave a Reply

Your email address will not be published. Required fields are marked *