search

Dexus / pem

Create private keys and certificates with node.js
Other
570 stars 129 forks source link

Error Loading extension section v3_req #307

Closed bmagnette closed 3 years ago

bmagnette commented 3 years ago

Hi everyone,

Trying to use library pem to generate a certificate with v3_req extension but I'm always getting an error. API documentation says that If I specify config then the v3_req section will be used. But right now, I'm getting this error with this code :

% openssl x509 -req -sha256 -days 1095 -in /tmp/dc4690e0574dfc1e6c1239c0215aed5326041d2e -signkey /tmp/01177dfb1c2748532d5f380144deb30ac61a1e66 -extensions v3_req -extfile /tmp/4e2988602eaded57582aea801ec912dd6ad9b4e1 2021-09-18 14:03:17.443706158 +0200 CEST [web-1] Error Loading extension section v3_req 2021-09-18 14:03:17.443702601 +0200 CEST [web-1] Error: Invalid openssl exit code: 1 2021-09-18 14:03:17.442257164 +0200 CEST [web-1] at Pipe._handle.close (net.js:607:12) 2021-09-18 14:03:17.442253496 +0200 CEST [web-1] at Socket.emit (events.js:198:13) 2021-09-18 14:03:17.442237483 +0200 CEST [web-1] at Socket.stream.socket.on (internal/child_process.js:389:11) 2021-09-18 14:03:17.442237047 +0200 CEST [web-1] at maybeClose (internal/child_process.js:982:16) 2021-09-18 14:03:17.442227991 +0200 CEST [web-1] at ChildProcess.emit (events.js:198:13) 2021-09-18 14:03:17.442227473 +0200 CEST [web-1] at ChildProcess. (/app/node_modules/pem/lib/openssl.js:175:7) 2021-09-18 14:03:17.442214690 +0200 CEST [web-1] at done (/app/node_modules/pem/lib/openssl.js:158:27) 2021-09-18 14:03:17.442212176 +0200 CEST [web-1] 2021-09-18 14:03:17.441976235 +0200 CEST [web-1] Error Loading extension section v3_req

const cert = await pem.createCertificate({ clientKey: clientPrivateKey, serviceKey: servicePrivateKey, selfSigned: true, extFile:${_dirname}/ext${keyName}.txt, config: {}, csr, days: 1095 });

`[req] req_extensions = v3_req distinguished_name = req_distinguished_name

[req_distinguished_name] commonName = Common Name commonName_max = 64

[v3_req] basicConstraints = critical,CA:TRUE keyUsage = nonRepudiation, digitalSignature, keyEncipherment`

Any idea ?

Regards

bmagnette commented 3 years ago

I finally found my mistake, I was wrongly using config parameters. The right way to do it ->

const cert = await pem.createCertificate({ clientKey: clientPrivateKey, serviceKey: servicePrivateKey, selfSigned: true, config: [ '[req]', 'req_extensions = v3_req', 'distinguished_name = req_distinguished_name', '[req_distinguished_name]', 'commonName = Common Name', 'commonName_max = 64', '[v3_req]', 'basicConstraints = critical,CA:TRUE', keyUsage = ${keyUsage}].join('\n'), csr, days: 1095 });