Problem :
The system is Fedora fc21. The objective is to run the examples shown here: “APACHE web server and SSL authentication”
The openssl.cnf file has been created and the following command run:
openssl x509 -req -in server.req -CA ca.cer -CAkey ca.key -set_serial 100 -extfile openssl.cnf -extensions server -days 365 -outform PEM -out server.cer
The result is:
Error Loading extension section server
140131294459760:error:22097069:X509 V3 routines:DO_EXT_NCONF:invalid extension string:v3_conf.c:139:name=crlDistributionPoints,section=@crl
140131294459760:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:93:name=crlDistributionPoints, value=@crl
Similar errors occur with the examples with -extension client and -extension certauth commands.
What is the cause of this error, and how can it be remediated?
Solution :
This appears to be a known bug. There is a resolution posted, copied here for simplicity. In the file “pkitool” replace all occurrences of:
KEY_ALTNAMES="$KEY_CN"
with:
KEY_ALTNAMES="DNS:${KEY_CN}"
This solution worked for me.
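
A diagnostic for the error text quoted in the problem (name=crlDistributionPoints, value=@crl), added here as an example and not part of the original question or answer. It assumes the failure comes from an "@section" reference in openssl.cnf that does not resolve to a non-empty section; the config text, the CRL URL and the function names are constructed for illustration.

```python
import re

SECTION_RE = re.compile(r"^\[\s*([^\]\s]+)\s*\]")
# "@name" only at the start of a value or after a comma, so e-mail
# addresses such as email:admin@example.com are not mistaken for references.
REF_RE = re.compile(r"(?:^|,)\s*@(\w+)")

# Constructed sample: both extension sections point at @crl, but no [ crl ] exists.
BROKEN = """
[ server ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
crlDistributionPoints = @crl          # reference to a section
subjectAltName = email:admin@example.com

[ client ]
crlDistributionPoints = @crl
"""

# Constructed fix: define the referenced section with at least one entry.
FIXED = BROKEN + "\n[ crl ]\nURI = http://ca.example.test/ca.crl\n"

def parse_sections(text):
    """Return {section: [(key, value), ...]} for openssl.cnf-style text."""
    sections = {"default": []}
    current = "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            sections[current].append((key, value))
    return sections

def unresolved_refs(text):
    """List (section, key, ref) where '@ref' names a missing or empty section."""
    sections = parse_sections(text)
    return [(name, key, ref)
            for name, entries in sections.items()
            for key, value in entries
            for ref in REF_RE.findall(value)
            if not sections.get(ref)]

if __name__ == "__main__":
    for section, key, ref in unresolved_refs(BROKEN):
        print(f"[{section}] {key} = @{ref}: section [{ref}] is missing or empty")
```

Running unresolved_refs() over the real openssl.cnf before calling openssl x509 with -extfile shows which -extensions sections carry a reference that cannot be resolved.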