使用 config.cnf openssl 创建 CSR 时出错

问题描述 投票:0回答:1

我正在尝试使用具有预定义配置的 Openssl 创建 CSR。这是为了沙特政府电子发票建议的目的。我已成功创建公钥和私钥。但是在创建 CSR 时,它显示错误如下:

Error checking request extension section req_ext
FC620000:error:04000067:object identifier routines:OBJ_txt2obj:unknown object name:crypto\objects\obj_dat.c:438:
FC620000:error:05800077:x509 certificate routines:X509_NAME_ENTRY_create_by_txt:invalid field name:crypto\x509\x509name.c:252:name=registerAddress
FC620000:error:11000095:X509 V3 routines:a2i_GENERAL_NAME:dirname error:crypto\x509\v3_san.c:564:
FC620000:error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:crypto\x509\v3_conf.c:48:section=req_ext, name=subjectAltName, value=dirName:alt_names

我的config.cnf文件数据如下:

oid_section = OIDs
[OIDs]
certificateTemplateName = 1.3.6.1.4.1.311.20.2

[req]
default_bits = 2048
emailAddress = [email protected]
req_extensions = v3_req
x509_extensions = v3_ca
prompt = no
default_md =sha26
req_extensions = req_ext
distinguished_name = dn


[dn]
C = SA
OU = Ryiad Branch
O = Jarir
CN = 127.0.0.1

[v3_req]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment

[req_ext]
certificateTemplateName = ASN1:PRINTABLESTRING:ZATCA-Code-Signing
subjectAltName = dirName:alt_names

[alt_names]
SN=1-AcmeInc|2-EGSUnit|3-123456789
UID=310122393500003
title=1100
registerAddress=MyAddress
businessCategory=Acme Industry

我尝试了与配置文件相关的所有可能的设置。我是 Openssl 的新手,对此没有足够的了解。

encryption openssl csr
1个回答
0
投票

我目前也在与 ZATCA 集成。有点晚了,但我遇到了类似的错误

Error Loading request extension section req_ext
。我通过将行 
req_extensions = req_ext
放在行 
req_extensions = v3_req
之前解决了这个问题。将其视为扩展名 
req_ext
也会导致您出现错误。

编辑:查看我的 

config.cnf
文件。请注意,带有 
__fieldName
的字段是可填写的。例如
__emailAddress
应替换为
[email protected]
等等

oid_section=OIDS
[ OIDS ]
certificateTemplateName= 1.3.6.1.4.1.311.20.2
[req]
default_bits=2048
emailAddress=__emailAddress
req_extensions=v3_req
x509_extensions=v3_Ca
prompt=no
default_md=sha256
req_extensions=req_ext
distinguished_name=dn
[dn]
CN=__commonName
C=__country
OU=__organizationalUnitName
O=__organizationName
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[req_ext]
certificateTemplateName = ASN1:PRINTABLESTRING:PREZATCA-code-Signing
subjectAltName = dirName:alt_names
[alt_names]
SN=__serialNumber
UID=__vatNumber
title=__invoiceType
registeredAddress=__registeredAddress
businessCategory=__businessCategory
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.