basalt:~# /usr/bin/openssl ca -config /root/ca/intermediate/openssl.cnf -passin file:/tmp/ansible.3s7lximp -extensions server_cert -days 375 -notext -md sha256 -in /usr/local/share/csr-signing/csr/rhyolite.houseof.rocks.csr.pem -out /usr/local/share/csr-signing/cert/rhyolite.houseof.rocks.cert.pem Using configuration from /root/ca/intermediate/openssl.cnf 343FF376:error:068000A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1221: 343FF376:error:0688010A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:375:Type=X509_REQ error: unable to load certificate request from file '/usr/local/share/csr-signing/csr/rhyolite.houseof.rocks.csr.pem' basalt:~# openssl x509 -in /usr/local/share/csr-signing/csr/rhyolite.houseof.rocks.csr.pem -inform pem -text -noout Certificate: Data: Version: 3 (0x2) Serial Number: 40:74:b0:e7:4b:e5:8a:a5:61:c0:3f:2a:0d:a0:fd:ed:2c:13:1a:2c Signature Algorithm: sha256WithRSAEncryption Issuer: CN= Validity Not Before: Feb 27 06:56:10 2026 GMT Not After : Mar 29 06:56:10 2026 GMT Subject: CN= Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:db:0d:af:dc:be:9a:d5:ff:1c:20:c0:12:89:16: 1a:a9:d8:b9:26:ed:ff:df:c0:30:96:e7:27:d6:3a: c4:94:4b:d8:cf:b9:7e:11:c8:7a:c0:e7:e6:e9:05: 51:e0:c8:9d:87:c0:75:c2:f3:27:83:4d:7f:33:71: 2b:60:ac:e9:f1:5c:5a:36:f1:e0:b5:a5:5b:04:e0: b2:44:78:09:fd:42:fe:db:59:00:38:95:78:f4:50: 0f:1e:45:68:50:0a:1f:95:3e:9a:70:d2:48:46:98: 9b:c5:ee:78:dc:df:b0:4e:8b:55:ee:79:c9:0a:bc: a0:dc:90:ba:53:a6:7a:69:e0:ab:30:a1:cf:47:9e: db:21:dd:ee:bf:be:ff:b0:8a:08:32:3b:fc:70:d0: 58:66:19:de:53:bd:e8:49:05:a6:04:04:e3:c7:d4: b8:5a:15:25:4e:87:32:38:ae:e6:e3:9e:90:d8:f4: 4c:ef:3f:e5:8a:fd:81:62:fe:3c:9f:c6:32:90:8c: a2:f4:88:5c:1d:ae:57:fc:29:75:b1:04:9d:d9:e0: 78:e6:fb:4a:47:4e:00:cb:93:83:a6:a2:73:ba:1b: 7a:3f:2d:21:53:fb:bf:93:05:2e:6c:b4:88:6e:ac: 53:9a:47:d1:80:d6:ed:9b:be:a8:31:83:af:00:a9: 1d:79 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Cert Type: SSL Server Netscape Comment: OpenSSL Generated Server Certificate X509v3 Subject Key Identifier: F7:E4:24:70:36:E1:02:27:DB:06:F0:C0:4A:43:FF:9A:6F:09:55:D0 X509v3 Authority Key Identifier: DirName: serial:40:74:B0:E7:4B:E5:8A:A5:61:C0:3F:2A:0D:A0:FD:ED:2C:13:1A:2C X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Subject Alternative Name: DNS: Signature Algorithm: sha256WithRSAEncryption Signature Value: ba:bb:d9:cd:e8:03:8e:ea:a0:44:ab:d3:f1:ab:63:e8:17:b6: 8e:61:f2:d9:dc:65:c4:64:10:da:13:8c:82:d7:79:73:a7:d7: 6f:c9:33:6e:13:7c:ae:73:3e:fd:62:9b:f8:7b:12:0b:7f:a0: 86:1b:5e:e4:29:0f:04:e7:e1:0f:0c:df:f7:53:8d:8a:c8:6f: c2:ca:4b:a9:70:46:da:9e:a7:52:6f:c5:05:8b:78:78:f5:8c: 7b:7f:a3:58:ee:3e:a5:93:a5:3c:0e:7e:e2:6b:c6:2e:80:5e: 73:a9:d2:26:c0:47:79:c8:18:e6:d4:27:38:f6:69:34:91:f9: 00:b7:5f:01:ae:65:75:c5:b8:bb:4f:23:fe:67:a3:26:a9:b1: dd:9f:12:67:59:f3:8e:7d:52:39:a9:61:19:ca:13:1b:2f:85: 43:65:eb:d9:85:e3:43:9a:1e:1a:ac:8c:af:1a:0a:96:4e:10: 4e:cd:de:16:35:c2:fb:ea:ba:14:c4:d7:0c:db:aa:ff:73:a6: b5:da:15:6b:76:8d:aa:4e:5c:f7:4a:a6:ea:75:b4:13:4f:bb: 1e:5f:c4:33:50:9e:b7:f8:b6:95:de:af:e0:07:16:61:89:4c: e2:59:4a:b5:54:6e:59:c6:04:81:cd:ad:3b:50:2d:1d:b9:97: 31:af:22:95 basalt:~# /usr/bin/openssl asn1parse -in /usr/local/share/csr-signing/csr/rhyolite.houseof.rocks.csr.pem 0:d=0 hl=4 l=1319 cons: SEQUENCE 4:d=1 hl=4 l=1039 cons: SEQUENCE 8:d=2 hl=2 l= 3 cons: cont [ 0 ] 10:d=3 hl=2 l= 1 prim: INTEGER :02 13:d=2 hl=2 l= 20 prim: INTEGER :4074B0E74BE58AA561C03F2A0DA0FDED2C131A2C 35:d=2 hl=2 l= 13 cons: SEQUENCE 37:d=3 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption 48:d=3 hl=2 l= 0 prim: NULL 50:d=2 hl=3 l= 134 cons: SEQUENCE 53:d=3 hl=2 l= 17 cons: SET 55:d=4 hl=2 l= 15 cons: SEQUENCE 57:d=5 hl=2 l= 3 prim: OBJECT :commonName 62:d=5 hl=2 l= 8 prim: UTF8STRING :xxxxxxxx 72:d=3 hl=2 l= 11 cons: SET 74:d=4 hl=2 l= 9 cons: SEQUENCE 76:d=5 hl=2 l= 3 prim: OBJECT :countryName 81:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US 85:d=3 hl=2 l= 15 cons: SET 87:d=4 hl=2 l= 13 cons: SEQUENCE 89:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 94:d=5 hl=2 l= 6 prim: UTF8STRING :Oregon 102:d=3 hl=2 l= 17 cons: SET 104:d=4 hl=2 l= 15 cons: SEQUENCE 106:d=5 hl=2 l= 3 prim: OBJECT :localityName 111:d=5 hl=2 l= 8 prim: UTF8STRING :Portland 121:d=3 hl=2 l= 23 cons: SET 123:d=4 hl=2 l= 21 cons: SEQUENCE 125:d=5 hl=2 l= 3 prim: OBJECT :organizationName 130:d=5 hl=2 l= 14 prim: UTF8STRING :xxxxxxxxxxxxxx 146:d=3 hl=2 l= 39 cons: SET 148:d=4 hl=2 l= 37 cons: SEQUENCE 150:d=5 hl=2 l= 9 prim: OBJECT :emailAddress 161:d=5 hl=2 l= 24 prim: IA5STRING :xxxxxxxxxxxxxxxxxxxxxxxx 187:d=2 hl=2 l= 30 cons: SEQUENCE 189:d=3 hl=2 l= 13 prim: UTCTIME :260227065610Z 204:d=3 hl=2 l= 13 prim: UTCTIME :260329065610Z 219:d=2 hl=3 l= 134 cons: SEQUENCE 222:d=3 hl=2 l= 17 cons: SET 224:d=4 hl=2 l= 15 cons: SEQUENCE 226:d=5 hl=2 l= 3 prim: OBJECT :commonName 231:d=5 hl=2 l= 8 prim: UTF8STRING :rhyolite 241:d=3 hl=2 l= 11 cons: SET 243:d=4 hl=2 l= 9 cons: SEQUENCE 245:d=5 hl=2 l= 3 prim: OBJECT :countryName 250:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US 254:d=3 hl=2 l= 15 cons: SET 256:d=4 hl=2 l= 13 cons: SEQUENCE 258:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 263:d=5 hl=2 l= 6 prim: UTF8STRING :Oregon 271:d=3 hl=2 l= 17 cons: SET 273:d=4 hl=2 l= 15 cons: SEQUENCE 275:d=5 hl=2 l= 3 prim: OBJECT :localityName 280:d=5 hl=2 l= 8 prim: UTF8STRING :Portland 290:d=3 hl=2 l= 23 cons: SET 292:d=4 hl=2 l= 21 cons: SEQUENCE 294:d=5 hl=2 l= 3 prim: OBJECT :organizationName 299:d=5 hl=2 l= 14 prim: UTF8STRING :xxxxxxxxxxxxxxx 315:d=3 hl=2 l= 39 cons: SET 317:d=4 hl=2 l= 37 cons: SEQUENCE 319:d=5 hl=2 l= 9 prim: OBJECT :emailAddress 330:d=5 hl=2 l= 24 prim: IA5STRING :xxxxxxxxxxxxxxxxxxxxxxxx 356:d=2 hl=4 l= 290 cons: SEQUENCE 360:d=3 hl=2 l= 13 cons: SEQUENCE 362:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption 373:d=4 hl=2 l= 0 prim: NULL 375:d=3 hl=4 l= 271 prim: BIT STRING 650:d=2 hl=4 l= 393 cons: cont [ 3 ] 654:d=3 hl=4 l= 389 cons: SEQUENCE 658:d=4 hl=2 l= 9 cons: SEQUENCE 660:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints 665:d=5 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000 669:d=4 hl=2 l= 17 cons: SEQUENCE 671:d=5 hl=2 l= 9 prim: OBJECT :Netscape Cert Type 682:d=5 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:03020640 688:d=4 hl=2 l= 51 cons: SEQUENCE 690:d=5 hl=2 l= 9 prim: OBJECT :Netscape Comment 701:d=5 hl=2 l= 38 prim: OCTET STRING [HEX DUMP]:16244F70656E53534C2047656E65726174656420536572766572204365727469666963617465 741:d=4 hl=2 l= 29 cons: SEQUENCE 743:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier 748:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414F7E4247036E10227DB06F0C04A43FF9A6F0955D0 772:d=4 hl=3 l= 176 cons: SEQUENCE 775:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier 780:d=5 hl=3 l= 168 prim: OCTET STRING [HEX DUMP]:3081A5A1818CA481893081863111300F06035504030C087268796F6C697465310B3009060355040613025553310F300D06035504080C064F7265676F6E3111300F06035504070C08506F72746C616E6431173015060355040A0C0E486F757365206F6620526F636B733127302506092A864886F70D0109011618686F73746D617374657240686F7573656F662E726F636B7382144074B0E74BE58AA561C03F2A0DA0FDED2C131A2C 951:d=4 hl=2 l= 14 cons: SEQUENCE 953:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage 958:d=5 hl=2 l= 1 prim: BOOLEAN :255 961:d=5 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205E0 967:d=4 hl=2 l= 19 cons: SEQUENCE 969:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage 974:d=5 hl=2 l= 12 prim: OCTET STRING [HEX DUMP]:300A06082B06010505070301 988:d=4 hl=2 l= 57 cons: SEQUENCE 990:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name 995:d=5 hl=2 l= 50 prim: OCTET STRING [HEX DUMP]:303082087268796F6C69746582167268796F6C6974652E686F7573656F662E726F636B73820C3139322E3136382E302E3137 1047:d=1 hl=2 l= 13 cons: SEQUENCE 1049:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption 1060:d=2 hl=2 l= 0 prim: NULL 1062:d=1 hl=4 l= 257 prim: BIT STRING