On Thu, Feb 26, 2026 at 11:55:49PM -0800, Andy Wood wrote:
> I've tried running the command line my automation is using by hand and I
> can reproduce the issue reliably, but when I run openssl x509 -text,
The `openssl x509` command prints certificates, not CSRs.
To print a CSR you need to use `openssl req`.
The last of these holds a certificate, not a CSR.
$ curl -sLo - 'https://pdxlents.online/openssl_misbehavior.txt'
basalt:~# /usr/bin/openssl ca -config /root/ca/intermediate/openssl.cnf \
-passin file:/tmp/ansible.3s7lximp -extensions server_cert -days 375 \
-notext -md sha256 -in /usr/local/share/csr-signing/csr/rhyolite.houseof.rocks.csr.pem \
-out /usr/local/share/csr-signing/cert/rhyolite.houseof.rocks.cert.pem
Well, that '-in' file does not hold a CSR.
basalt:~# openssl x509 -in /usr/local/share/csr-signing/csr/rhyolite.houseof.rocks.csr.pem -inform pem -text -noout
And there you are showing it holds a certificate...
Certificate:
Data:
Version: 3 (0x2)
...
--
Viktor. 🇺🇦 Слава Україні!
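
Added example, not part of the message above or of OpenSSL: a pre-flight check a signing job could run before `openssl ca -in FILE`, so that a certificate stored under a `.csr.pem` name is rejected, and the matching display command (`openssl req` or `openssl x509`) is chosen from the file's content. The function names and sample file names are hypothetical, and the sample PEM bodies are constructed placeholders.

```shell
#!/bin/sh
# Added example. Checks only the PEM label; it does not parse the DER body.
# `openssl req -in FILE -noout -verify` additionally checks a CSR's self-signature.

# pem_kind FILE: print csr, cert or other, from the first PEM BEGIN label.
pem_kind() {
    label=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" 2>/dev/null | head -n 1)
    case "$label" in
        "CERTIFICATE REQUEST"|"NEW CERTIFICATE REQUEST") echo csr ;;
        "CERTIFICATE"|"X509 CERTIFICATE"|"TRUSTED CERTIFICATE") echo cert ;;
        *) echo other ;;
    esac
}

# inspect_cmd FILE: print the openssl command that can display FILE.
inspect_cmd() {
    case "$(pem_kind "$1")" in
        csr)  echo "openssl req -in $1 -noout -text" ;;
        cert) echo "openssl x509 -in $1 -noout -text" ;;
        *)    return 1 ;;
    esac
}

# require_csr FILE: gate to run before `openssl ca -in FILE`; fails unless FILE is a CSR.
require_csr() {
    kind=$(pem_kind "$1")
    [ "$kind" = csr ] && return 0
    echo "refusing to sign $1: expected a CSR, found: $kind" >&2
    return 1
}

# Constructed sample files (hypothetical names; the body is a placeholder, not real DER).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE REQUEST-----' > "$dir/good.csr.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$dir/mislabeled.csr.pem"
    for f in "$dir/good.csr.pem" "$dir/mislabeled.csr.pem"; do
        if require_csr "$f"; then echo "ok to sign: $f"; fi
        inspect_cmd "$f"
    done
    rm -rf "$dir"
}
demo
```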