openssl :invalid type in 'policy' configuration

Question

I want to have a self-signed SSL Certificate for my local development server. I was following the guide on https://help.ubuntu.com/community/OpenSSL and at the last step where you issue the command to sign the certificate by issuing the following command:

openssl ca -in tempreq.pem -out server_crt.pem

I get the following error: (last line)

Using configuration from /home/user_name/.ssl/caconfig.cnf
Enter pass phrase for /home/user_name/.ssl/private/cakey.pem:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :PRINTABLE:'localhost'
stateOrProvinceName   :PRINTABLE:'AA'
countryName           :PRINTABLE:'ET'
emailAddress          :IA5STRING:'user@example.com'
organizationName      :PRINTABLE:'Example Inc'
organizationalUnitName:PRINTABLE:'Development'
localhost:invalid type in 'policy' configuration

What can I do to solve it? Just to serve as a back ground, I don't have a domain name for my server, so I just used localhost to be the commanName. Is that the problem?

Thanks for your help.

Answer 1

1. Copy the policy from /etc/ssl/openssl.cnf to your configuration file

2. Rebuild all the file from beginning

3. The policy section is like following:

    policy          = policy_match

    # For the CA policy
    [ policy_match ]
    countryName             = match
    stateOrProvinceName     = match
    organizationName        = match
    organizationalUnitName  = optional
    commonName              = supplied
    emailAddress            = optional

    # For the 'anything' policy
    # At this point in time, you must list all acceptable 'object'
    # types.
    [ policy_anything ]
    countryName             = optional
    stateOrProvinceName     = optional
    localityName            = optional
    organizationName        = optional
    organizationalUnitName  = optional
    commonName              = supplied
    emailAddress            = optional