creating certificates for dc, user etc for samba tests

Noel Power NoPower at
Fri Dec 6 08:15:29 UTC 2019


Does anyone know anything about openssl & generating certs ?

I tried to follow the instructions at


  ./ create_dc 0123456789ABCDEF

  problem creating object scardLogin=

  140087403947840:error:08064066:object identifier
routines:OBJ_create:oid exists:crypto/objects/obj_dat.c:708:

some google results seemed to indicate this error results from changes
in openssl where some attributes are now included by default (iiuc) so I
commented out that attribute in

then the same error for msUPN & msKDC (so I did the same)

the process gets further but error out with

Using configuration from
Enter pass phrase for
Error Loading extension section template_x509_extensions
140189838030656:error:0E06D06C:configuration file
value:crypto/conf/conf_lib.c:275:group=CA_default name=email_in_dn
140189838030656:error:0D06407A:asn1 encoding
routines:a2d_ASN1_OBJECT:first num too large:crypto/asn1/a_object.c:72:
140189838030656:error:2206706E:X509 V3
routines:v2i_EXTENDED_KEY_USAGE:invalid object
140189838030656:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error
in extension:crypto/x509v3/v3_conf.c:47:name=extendedKeyUsage,

so I am stumpted as I am totally clueless about these files and their
content, there seems plenty of google hits about similar errors but I
don't know enough to interpret them, can anyone help ??


More information about the samba-technical mailing list