
Adding AuthorityKeyIdentifier to a CertRequest


I am having a problem using the example provided by OpenSSL to create a certificate request with v3 extensions. The entire code can be found in mkreq.c in Openssl/demos/x509/

Adding some x509v3 extensions to a cert request is working well. I can add the key usage or a subject alt name:

add_ext(exts, NID_key_usage, "critical,digitalSignature,keyEncipherment");
add_ext(exts, NID_subject_alt_name, "email:[email protected]");

but when I try to add an AuthorityKeyIdentifier this is not working...

add_ext(exts, NID_authority_key_identifier, "keyid,issuer");

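The add_ext function is also provided in mkreq.c:

#include <openssl/x509v3.h>

/* Build one extension from its NID and config-style value, then push it
   onto the stack that is later attached to the request. */
int add_ext(STACK_OF(X509_EXTENSION) *sk, int nid, char *value)
{
    X509_EXTENSION *ex;

    /* No CONF and no X509V3_CTX: nothing here identifies an issuer. */
    ex = X509V3_EXT_conf_nid(NULL, NULL, nid, value);
    if (!ex)
        return 0;
    sk_X509_EXTENSION_push(sk, ex);

    return 1;
}

Does somebody have a clue why some extensions are working and some are not? When I add the same extensions for a self-signed certificate, it works well...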


Solution

  • After researching for some time, it appears that this is not possible since you don't know the CA when you are creating a certificate request...
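
To illustrate the answer above, this added example (not from the post or from OpenSSL) builds the keyid form of an AuthorityKeyIdentifier extension in DER, using the RFC 5280 section 4.2.1.2 method 1 derivation (SHA-1 of the public key bits). The only input is the issuer's SubjectPublicKeyInfo, which the author of a request does not have. The Ed25519 wrapper, helper names and key bytes are constructed for the illustration.

```python
import hashlib

def tlv(tag: int, value: bytes) -> bytes:
    """DER-encode one element (short and long definite lengths)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + value

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long form: next (first & 0x7f) octets hold the length
        n = first & 0x7F
        first = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + first > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + first], pos + first

def key_identifier(spki_der: bytes) -> bytes:
    """SHA-1 of the subjectPublicKey bits (RFC 5280 4.2.1.2, method 1)."""
    tag, spki, _ = read_tlv(spki_der)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, _, pos = read_tlv(spki)            # skip AlgorithmIdentifier
    tag, bits, _ = read_tlv(spki, pos)
    if tag != 0x03 or not bits:
        raise ValueError("subjectPublicKey must be a BIT STRING")
    return hashlib.sha1(bits[1:]).digest()  # drop the unused-bits octet

def aki_extension(issuer_spki_der: bytes) -> bytes:
    """Extension { id-ce-authorityKeyIdentifier, OCTET STRING { SEQUENCE { [0] keyid } } }."""
    aki = tlv(0x30, tlv(0x80, key_identifier(issuer_spki_der)))
    return tlv(0x30, bytes.fromhex("0603551d23") + tlv(0x04, aki))  # OID 2.5.29.35

def ed25519_spki(raw_key: bytes) -> bytes:
    """Wrap 32 raw key bytes as an Ed25519 SubjectPublicKeyInfo (OID 1.3.101.112)."""
    return tlv(0x30, tlv(0x30, bytes.fromhex("06032b6570")) + tlv(0x03, b"\x00" + raw_key))

# Constructed sample keys (byte patterns, not real key material).
REQUESTER_SPKI = ed25519_spki(bytes(range(32)))       # what the CSR author has
CA_SPKI = ed25519_spki(bytes(range(32, 64)))          # known only once a CA is chosen

if __name__ == "__main__":
    print("AKI from CA key:         ", aki_extension(CA_SPKI).hex())
    print("requester key identifier:", key_identifier(REQUESTER_SPKI).hex())
```

A key identifier computed from the requester's own key only matches the authority's in the self-signed case, where issuer and subject are the same certificate.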