I searched the Internet for several hours, and I cannot find a way to do this. I was already able to create a self-signed CA certificate using the following commands:
openssl genrsa -out ca.key 1024
openssl req -new -x509 -extensions v3_ca -key ca.key -out ca.crt -days 3650
Now I want to create a new certificate and sign it with my CA. In the new certificate, I want to have my own extension - we can call it "abc" to have the integer value "1". I tried the following command:
openssl req -new -nodes -newkey rsa -extensions abc -keyout mycert.key -out mycsr.csr -days 365 -config ./openssl.cnf
When using a file openssl.cnfincluding only this:
[ abc ]
abc = ASN1:INTEGER:1
I get the following error
Error Loading extension section abc
3073632456:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large:a_object.c:109:
3073632456:error:22074073:X509 V3 routines:V3_GENERIC_EXTENSION:extension name error:v3_conf.c:271:name=abc
I found this vaguely related topis here on SO, but that doesn't help at all ...
What is the problem? How can I fix myself? Any thoughts appreciated.