const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, const EVP_MD *dgst, STACK_OF (OPENSSL_STRING) *sigopts, STACK_OF(OPENSSL_STRING) *vfyopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, const char *subj, unsigned long chtype, int multirdn, int email_dn, const char *startdate, const char *enddate,

openssl ca -config openssl-1.0.0.cnf -extensions server -days 375 -notext -md sha512 -in keys/example.org.csr -out keys/example.org.crt -startdate 20170304000000 -enddate 20180401000000 openssl share | improve this question | follow | ssl certificate - openssl keeps giving me "unknown option openssl genrsa -des3 -out privkey.key 2048 then the second command is giving me the errors: openssl req –new –nodes -key privkey.key –out server.csr it says "unknown option -new" and then lists all of the options, one of which is of course "-new" openssl/x509.c at master · openssl/openssl · GitHub TLS/SSL and crypto library. Contribute to openssl/openssl development by creating an account on GitHub.

openssl ca -in my.crt -out new.crt -startdate 120815080000Z -enddate 120815090000Z I have looked on the forum and still have no idea how to create a Cert that has a notBeginDate I can see opening as an x509 that is expired of course.

openssl genrsa -des3 -out privkey.key 2048 then the second command is giving me the errors: openssl req –new –nodes -key privkey.key –out server.csr it says "unknown option -new" and then lists all of the options, one of which is of course "-new" openssl/x509.c at master · openssl/openssl · GitHub

OpenSSL - OpenSSL "x509" Command Options

openssl req -newkey rsa:4096 -days 3000 -keyout new2.key -out new2.csr -config sign_openssl.cnf openssl ca -in new2.csr -days 3000 -notext -out new2.pem -keyfile ca.key -cert ca.crt -config sign_openssl.cnf openssl rsa -in new2.key -out new2a.key cat new2a.key new2.pem > squid.pem openssl x509 -text -noout -in squid.pem if sign_openssl.cnf had all the information configured then this would 1085238 - sec_error_expired_certificate when notAfter My suspicion is that the generated certificate has an invalid encoding for notBefore and notAfter if startdate and enddate are used with a time zone (ref: OpenSSL bug #2990). Thus the Steps to Reproduce becomes: openssl ca -config etc/rsa-root-ca.conf -notext -in certs/csr/rsa-server.example.com.spectime.csr -out certs/rsa-server.example.com Submit a Certificate and view it's details Certificate public key: openssl x509 -in server.cer -noout -subject -issuer -startdate -enddate Certificate request: openssl req -in server.cer -noout -subject Contact Symantec Access Management - Broadcom Community cas.pem and yourFriendlyUniqueCAname.cer are the Root Cert for your OpenSSL CA. ca.srl is the file that keeps track of the latest serial number available for new certs. Create the ca.srl file with the command: echo 01 > ca.srl. Writing 01 into the file is required, not just 1, because openssl is expecting a …