RHEL-40605

Can't create Version 1 X.509 certificates any more

    • Bug
    • Resolution: Won't Do
    • rhel-9.5
    • openssl
    • rhel-sst-security-crypto
    • ssg_security
    • False
    • Yes
    • Known Issue
    • .OpenSSL no longer creates X.509 v1 certificates

      With the OpenSSL TLS toolkit 3.2.1 introduced in RHEL 9.5, you can no longer create certificates in the X.509 version 1 format using the `openssl` CA tool. The X.509 v1 format does not meet current web requirements.
    • Done

      With openssl 3.0.7 it was possible to create an X.509 Version 1 certificate.
      With openssl 3.2.1 using openssl ca tool, when no -extensions option is specified or it points to an empty section, a version 3 certificate with X509v3 Subject Key Identifier and X509v3 Authority Key Identifier extensions is created.
      When -extensions points to a section with:

      subjectKeyIdentifier=none
      authorityKeyIdentifier=none
      

      then the certificate has no extensions but is still marked as a version 3 X.509 certificate. I see no other way to control the certificate version when using the openssl ca tool.
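To check which of the cases in this report a given certificate falls into, the version field and the extensions block can be read directly from the DER encoding. The following is an added example, not part of the issue or of OpenSSL; the sample byte strings are constructed, unsigned skeletons, and the names `read_tlv`, `cert_profile` and `tlv` are hypothetical helpers.

```python
# Added example (not from the issue): read the version and extension
# presence straight from a certificate's DER encoding.
# RFC 5280: tbsCertificate begins with an optional [0] EXPLICIT version
# (absent means v1, INTEGER 2 means v3) and may end with [3] extensions.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def cert_profile(der):
    """Return (version, has_extensions) for a DER-encoded certificate."""
    tag, cert, _ = read_tlv(der, 0)         # Certificate ::= SEQUENCE
    tag2, tbs, _ = read_tlv(cert, 0)        # tbsCertificate ::= SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not a certificate structure")
    version, has_ext, pos, first = 1, False, 0, True
    while pos < len(tbs):
        tag, value, pos = read_tlv(tbs, pos)
        if first and tag == 0xA0:           # [0] EXPLICIT version
            version = int.from_bytes(read_tlv(value, 0)[1], "big") + 1
        elif tag == 0xA3:                   # [3] EXPLICIT extensions
            has_ext = True
        first = False
    return version, has_ext

# Constructed skeletons (hypothetical, unsigned, empty fields): just enough
# structure to exercise the three cases discussed in the issue.
def tlv(tag, value):
    return bytes([tag, len(value)]) + value  # short-form lengths only

BODY = tlv(0x02, b"\x01") + tlv(0x30, b"") * 5   # serial + 5 empty SEQUENCEs
V3 = tlv(0xA0, tlv(0x02, b"\x02"))               # version field, INTEGER 2
SAMPLE_V1 = tlv(0x30, tlv(0x30, BODY))
SAMPLE_V3_BARE = tlv(0x30, tlv(0x30, V3 + BODY))
SAMPLE_V3_EXT = tlv(0x30, tlv(0x30, V3 + BODY + tlv(0xA3, tlv(0x30, b""))))
```

For a real PEM file, `ssl.PEM_cert_to_DER_cert()` from the Python standard library produces the bytes that `cert_profile` expects. A result of `(3, False)` corresponds to the certificate described above: marked version 3 but carrying no extensions.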

              dbelyavs@redhat.com Dmitry Belyavskiy
              hkario@redhat.com Alicja Kario
              Dmitry Belyavskiy
              George Pantelakis
              Mirek Jahoda