I have created via TMS Crypto a CSR. Then I signed it via openssl using a root CA and have got a singed certificate.
Then, I try to decode it and getting this error:
Here is the signed certificate:
signedCrt.zip (1.0 KB)
I have "fixed" this issue like this:
On singing via openssl I add a v3_extensions:
openssl x509 -req -in csr.pem -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out signed_cert.crt -days 365 -extfile extensions.cnf -extensions v3_extensions
The content of the file extensions.cnf
[v3_extensions]
basicConstraints = CA:FALSE
Then, I am getting a signed X509 Csr which can be decoded via TX509Certificate.Decode
A question to @Bernard Would it be feasible to add this extension into procedure TX509Certificate.SignCsr?