See also:
$ openssl genrsa -des3 -out macle.key 2048 # See also "openssl ecparam -genkey" for an Elliptic Curve key
Generating RSA private key, 2048 bit long modulus
................................................+++
...................................................+++
e is 65537 (0x10001)
Enter pass phrase for macle.key:
Verifying - Enter pass phrase for macle.key:
$ openssl req -new -x509 -days 3650 -key macle.key -sha256 -extensions v3_ca -out macle.crt
Error Loading extension section v3_ca
The problem came from LibreSSL (why!?)
Solution 1 (quick):
Specify the full path so that the GNU/Linux distribution's openssl is used
/usr/bin/openssl req -new -x509 -days 3650 -key macle.key -sha256 -extensions v3_ca -out macle.crt
Solution 2 (the right one):
mv /usr/local/etc/ssl{,.old}
ln -s /etc/ssl /usr/local/etc/ssl
Indeed, the configuration is not the same
# grep -ri v3_ca /etc/ssl
/etc/ssl/openssl.cnf:x509_extensions = v3_ca # The extentions to add to the self signed cert
/etc/ssl/openssl.cnf:[ v3_ca ]
openssl.cnf
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = CA:true

[ req ]
x509_extensions = v3_ca # The extentions to add to the self signed cert
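
To see which openssl binary reads which configuration, and whether that file defines the [ v3_ca ] section, the check can be scripted. This is an added example, not part of the original note; the function names has_section, openssl_dir and report are hypothetical.

```shell
#!/bin/sh
# Added example: for every openssl binary on PATH, show the config file it
# loads by default and whether that file defines the requested section.
# Function names are illustrative, not from the original note.

# has_section FILE NAME: succeed if FILE has a "[ NAME ]" section header.
has_section() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                      # drop comments
        /^[ \t]*\[.*\][ \t]*$/ {                # "[v3_ca]" or "[ v3_ca ]"
            name = $0
            gsub(/[ \t]/, "", name)
            sub(/^\[/, "", name); sub(/\]$/, "", name)
            if (name == want) { found = 1; exit }
        }
        END { exit !found }
    ' "$1" 2>/dev/null
}

# openssl_dir BIN: print the OPENSSLDIR compiled into BIN.
# "openssl version -d" answers with a line like: OPENSSLDIR: "/usr/lib/ssl"
openssl_dir() {
    "$1" version -d 2>/dev/null | sed -n 's/^OPENSSLDIR: *"\(.*\)"$/\1/p'
}

# report [SECTION]: one entry per openssl found in PATH.
report() {
    section=${1:-v3_ca}
    old_ifs=$IFS; IFS=:
    for dir in $PATH; do
        bin="$dir/openssl"
        [ -x "$bin" ] || continue
        conf="$(openssl_dir "$bin")/openssl.cnf"
        if has_section "$conf" "$section"; then state=present; else state=MISSING; fi
        printf '%s (%s)\n  config: %s\n  [ %s ]: %s\n' \
            "$bin" "$("$bin" version)" "$conf" "$section" "$state"
    done
    IFS=$old_ifs
}

report "${1:-v3_ca}"
```

A binary reported as MISSING is one that fails with "Error Loading extension section v3_ca" when called with -extensions v3_ca.
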
$ openssl x509 -ext basicConstraints,keyUsage -noout -in /usr/share/ca-certificates/mozilla/VeriSign_Universal_Root_Certification_Authority.crt
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign