Hi I'm trying to use OpenCA as a cert authority for our secure email system (Tumbleweed's MMS).
After some problems with Mozilla (it doesn't work for me as it suppresses the password dialog) I have come up against a puzzling problem. Basically the mail system (and some others I believe) use a DN element for the email address to check that the cert used to sign matches the originator's address. If I make a CSR then the email address is there as 'emailaddress=...' which seems ok, however when I export it back to the CA and sign it the DN is rewritten during the signing process and loses the emailaddress element. It seems odd that they use this and ignore the subjectaltname but I'm rather new to PKI. Anyone else come across this problem (and a solution would be nice <g>). Rgds james _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: [EMAIL PROTECTED] _______________________________________________ OpenCA-Devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-devel
