Fix certificate creation with OpenSSL >= 3.2 (fixes #7481)

2025-05-21 03:02:05 +00:00 · 2024-12-04 18:36:21 +01:00 · 2024-12-04 18:36:21 +01:00 · ddbeb291b5
commit ddbeb291b5
parent f7e389a0c0
2 changed files with 3 additions and 3 deletions
--- a/xCAT-server/share/xcat/ca/openssl.cnf.tmpl
+++ b/xCAT-server/share/xcat/ca/openssl.cnf.tmpl
@ -167,7 +167,7 @@ basicConstraints=CA:FALSE
 nsCertType			= server, client, objsign
 nsComment			= "OpenSSL Generated Server Certificate"
 subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
+#authorityKeyIdentifier=keyid,issuer
 keyUsage = digitalSignature,keyAgreement,keyEncipherment
 extendedKeyUsage = serverAuth, clientAuth

@ -205,7 +205,7 @@ nsComment			= "OpenSSL Generated Client Certificate"

 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
+#authorityKeyIdentifier=keyid,issuer

 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
--- a/xCAT-server/share/xcat/scripts/setup-dockerhost-cert.sh
+++ b/xCAT-server/share/xcat/scripts/setup-dockerhost-cert.sh
@ -60,7 +60,7 @@ if [ ! -e $XCATDOCKERCADIR/certs ]; then
 fi

 openssl genrsa -out ca/dockerhost-key.pem 2048
-openssl req -config ca/openssl.cnf -new -key ca/dockerhost-key.pem -out cert/dockerhost-req.pem -extensions server -subj "/CN=$CNA"
+openssl req -config ca/openssl.cnf -new -key ca/dockerhost-key.pem -out cert/dockerhost-req.pem -subj "/CN=$CNA"
 mv cert/dockerhost-req.pem  ca/$CNA\.csr
 cd -
 cd $XCATDOCKERCADIR