creating certificates for dc, user etc for samba tests

Noel Power NoPower at suse.com
Fri Dec 6 08:15:29 UTC 2019


Help!!

Does anyone know anything about openssl & generating certs ?

I tried to follow the instructions at
selftest/manage-ca/manage-CA-samba.example.com.sh

e.g.

  ./manage-ca.sh manage-CA-samba.example.com.cnf create_dc testdc.samba.example.com 0123456789ABCDEF

  problem creating object scardLogin=1.3.6.1.4.1.311.20.2.2

  140087403947840:error:08064066:object identifier routines:OBJ_create:oid exists:crypto/objects/obj_dat.c:708:

Some Google results seemed to indicate this error results from changes
in openssl where some attributes are now included by default (iiuc), so I
commented out that attribute in
manage-ca.templates.d/openssl-BASE-template.cnf

Then the same error for msUPN & msKDC (so I did the same).

The process gets further but errors out with

Using configuration from CA-samba.example.com/DCs/testdc.samba.example.com/DC-testdc.samba.example.com-S06-openssl.cnf
Enter pass phrase for CA-samba.example.com/Private/CA-samba.example.com-private-key.pem:
Error Loading extension section template_x509_extensions
140189838030656:error:0E06D06C:configuration file routines:NCONF_get_string:no value:crypto/conf/conf_lib.c:275:group=CA_default name=email_in_dn
140189838030656:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large:crypto/asn1/a_object.c:72:
140189838030656:error:2206706E:X509 V3 routines:v2i_EXTENDED_KEY_USAGE:invalid object identifier:crypto/x509v3/v3_extku.c:93:section:,name:msKDC,value:
140189838030656:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:crypto/x509v3/v3_conf.c:47:name=extendedKeyUsage, value=clientAuth,serverAuth,msKDC

So I am stumped, as I am totally clueless about these files and their
content. There seem to be plenty of Google hits about similar errors but I
don't know enough to interpret them. Can anyone help??

Noel
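
An added example, not part of the original post or of Samba's scripts: a Python parser for OpenSSL 1.x error-queue lines like those quoted in the message, which rejoins mail-wrapped records and splits each into library, function, reason, source location and data. The sample input is constructed from lines in the message, the function names are hypothetical, and the 8/12/12-bit error-code layout assumed is that of OpenSSL 1.x.

```python
import re

# One OpenSSL 1.x error-queue record: tid:error:CODE:lib:func:reason:file:line:data
RECORD = re.compile(
    r"^(?P<tid>[0-9A-Fa-f]+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):(?P<data>.*)$"
)
START = re.compile(r"^[0-9A-Fa-f]+:error:")

def unwrap(text):
    """Rejoin records wrapped at whitespace; lines before the first record are skipped,
    and any later line that does not start a record is treated as a continuation."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if START.match(line):
            records.append(line)
        elif records:
            records[-1] += " " + line
    return records

def parse(text):
    """Return one dict per error record, outermost error last (as OpenSSL prints them)."""
    out = []
    for rec in unwrap(text):
        m = RECORD.match(rec)
        if not m:
            continue
        code = int(m["code"], 16)
        out.append({
            "lib": m["lib"], "func": m["func"], "reason": m["reason"],
            "where": f'{m["file"]}:{m["line"]}', "data": m["data"],
            # OpenSSL 1.x packing: 8-bit library, 12-bit function, 12-bit reason
            "lib_no": code >> 24, "func_no": (code >> 12) & 0xFFF, "reason_no": code & 0xFFF,
        })
    return out

# Constructed sample: error lines from the message, wrapped as a mail client would
SAMPLE = """\
Error Loading extension section template_x509_extensions
140189838030656:error:0D06407A:asn1 encoding
routines:a2d_ASN1_OBJECT:first num too large:crypto/asn1/a_object.c:72:
140189838030656:error:2206706E:X509 V3
routines:v2i_EXTENDED_KEY_USAGE:invalid object
identifier:crypto/x509v3/v3_extku.c:93:section:,name:msKDC,value:
140189838030656:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error
in extension:crypto/x509v3/v3_conf.c:47:name=extendedKeyUsage,
value=clientAuth,serverAuth,msKDC
"""

if __name__ == "__main__":
    for r in parse(SAMPLE):
        print(f'{r["func"]}: {r["reason"]} ({r["where"]}) {r["data"]}')
```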




More information about the samba-technical mailing list