This is a discussion on newca is not reflecting basicConstraints in openssl.cnf - Openssl ; Hi, I have modified the [ v3_ca ] extension section in my openssl.cnf so that the basicConstraints is set as follows: basicConstraints - CA:true,pathlen:1 This is to work around an existing weblogic bug. Problem is when I generate my CA, ...
Hi,
I have modified the [ v3_ca ] extension section in my openssl.cnf so that the basicConstraints is set as follows:
basicConstraints - CA:true,pathlen:1
This is to work around an existing weblogic bug.
Problem is when I generate my CA, the cacert.pem is not picking up these settings:
Generated output:
....
X509v3 extenstions:
x509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Client, SSL Server, S/MIME, Object Signing
Netscape Comment:
OpenSSL Generawted Certificate
....
It seems that I specified in openssl.cnf isn't getting picked up. I should see something like:
x509v3 Basic Constraints:
BasicConstraints:[
CA:true
PathLen:1
]
Any ideas? Thanks in advance!
